ISO 27001:2015 vs ISO 27001:2022
Understanding the Key Differences and What They Mean for Your ISMS. This presentation will guide you through the critical updates, helping your organization navigate the transition seamlessly.
Why the Update?
The digital landscape evolves rapidly, and with it, the threats to information security. The ISO 27001:2022 update, published in October 2022, is a proactive response to these evolving cybersecurity and privacy challenges.
1. Modern Risk Alignment: It aligns ISO 27001 with modern digital business risks and updated ISO management standards.
2. Enhanced Relevance: Ensures the standard remains relevant and effective in today's complex threat environment.
3. Transition Urgency: Organizations must prepare to update their certification as the transition deadline is approaching.
Structural Changes: Clauses 4 to 10
While the total number of clauses in the main body remains at 11, the 2022 revision introduces minor but important textual updates. These changes enhance clarity and ensure better alignment with the high-level structure of the ISO Annex SL framework, promoting easier integration with other management system standards.
• Clause 4.2: Interested Party Requirements. New requirement to analyze which interested party requirements the ISMS will specifically address.
• Clause 4.4: ISMS Processes and Interactions. Expanded focus on identifying and managing all ISMS processes and their critical interactions.
• Clause 6.3: Planning for Changes. Explicitly introduced planning for changes to the ISMS, ensuring controlled modifications.
• Clause 8.1: Operational Process Control. Requirement to establish specific criteria and controls for operational processes.
• Clause 9.3: Management Review. Management review must now explicitly consider changes in interested parties' needs.
Annex A Controls: Major Overhaul
The most significant changes are found in Annex A, where the controls have been substantially revised to address modern cybersecurity challenges. The total number of controls has been reduced from 114 in 2015 to 93 in 2022.
The controls are now organized into four broad categories:
• Organizational Controls (37 controls): Focus on how an organization structures its security.
• People Controls (8 controls): Address human aspects of information security.
• Physical Controls (14 controls): Cover the security of physical assets and locations.
• Technological Controls (34 controls): Deal with technological measures for protection.
The 11 New Annex A Controls
The 2022 revision introduces 11 entirely new controls in Annex A, directly addressing emerging threats and technological advancements. These additions are crucial for comprehensive information security in the current digital landscape.
• Threat intelligence
• Information security for cloud services
• ICT readiness for business continuity
• Physical security monitoring
• Configuration management
• Information deletion
• Data masking
• Data leakage prevention
• Monitoring activities
• Web filtering
• Secure coding
What Happened to the Removed Controls?
It's important to note that no controls were outright deleted from ISO 27001. Instead, the 2022 update focused on streamlining and consolidating existing controls to improve efficiency and relevance.
• Merged Controls: 57 controls were merged into 24 streamlined controls, reducing redundancy and simplifying implementation.
• Renamed Controls: 23 controls were renamed for greater clarity and better alignment with current security terminology.
• Split Controls: 1 control was split into two distinct controls, allowing for more precise management of specific aspects.
This thoughtful reorganization results in a more focused, relevant, and manageable control set that aligns seamlessly with ISO 27002:2022, the guidance standard for implementing these controls.
Terminology and Editorial Updates
Beyond the structural and control changes, the 2022 revision includes several key terminology and editorial updates to improve clarity, consistency, and usability across the standard.
1. Document vs. International Standard: The term "International Standard" has been replaced by "document" throughout, ensuring better clarity and easier translation across different languages and contexts.
2. Simplified Communication Requirements: Clause 7.4, which addresses communication, has been simplified to streamline requirements and reduce unnecessary complexities.
3. Reordered Improvement Clause: The Improvement clause now places "Continual Improvement" before "Nonconformity and Corrective Action," emphasizing a proactive approach to enhancing the ISMS.
4. Security Objectives Emphasis: Increased emphasis on documenting and regularly monitoring security objectives to ensure their effectiveness and relevance.
Impact on Your ISMS and Certification
The transition to ISO 27001:2022 has significant implications for organizations with existing certifications and those planning to implement an ISMS.
• Documentation Updates: Organizations must update their ISMS documentation, including policies, procedures, and risk assessments, to align with the new 2022 version's requirements and controls.
• Training and Support: Transition training and updated auditor courses are available to support organizations in achieving and maintaining compliance with the new standard.
• Enhanced Security Posture: This update offers a valuable opportunity to strengthen your organization's overall security posture through the adoption of new controls and clearer, more efficient processes.
Practical Steps to Transition
To ensure a smooth transition to the ISO 27001:2022 standard, organizations should follow a structured approach.
1. Conduct Gap Analysis: Compare your current ISMS against the ISO 27001:2022 requirements to identify areas needing adjustment.
2. Update Risk Assessment: Revise your risk assessment and treatment plans, ensuring the new Annex A controls are incorporated.
3. Revise ISMS Processes: Adjust your ISMS processes to include planning for changes and clear definitions of process interactions.
4. Train Staff: Provide comprehensive training on new controls and updated roles and responsibilities to all relevant personnel.
5. Schedule Audits & Reviews: Plan internal audits and management reviews that reflect the new clause requirements and control sets.
Embrace the 2022 Update for Stronger Security
The ISO 27001:2022 update is not merely a compliance exercise, but a strategic opportunity to enhance your organization's resilience against modern cyber threats.
• Modernization: It modernizes and streamlines information security management, making it more effective for today's digital world.
• Threat Focus: The updated standard focuses on emerging threats and the realities of digital transformation.
• Integrated Compliance: It aligns seamlessly with other ISO management standards, facilitating integrated compliance efforts.
• Enhanced Resilience: Transitioning now maintains your certification and significantly enhances your organization's overall resilience.
Your ISMS is not just a regulatory checkbox; it is a critical strategic asset that builds trust and secures your future.