In February 2022, ISO 27002:2022 – the standard which
provides the best practice controls that organisations can
implement to improve security – was updated. As a result,
a new version of ISO 27001 – the international standard
which outlines the requirements of an information security
management system (ISMS) – was also published on 25

The new version of the standard features the controls
outlined by ISO 27002:2022, and organisations will need to
revisit their risk assessment to determine whether updates
or new risk treatments need to be implemented.

Organisations with existing ISO 27001:2013 certification
will have three years to transition to the new standard.