New 2022 version of the ISO/IEC 27001 standard

25/10/2022

Today a new version of the ISO/IEC 27001 standard has been published. It was clearly anticipated by the changes made to ISO/IEC 27002 in February of this year, which naturally affect Annex A, the list of controls in the standard that establishes the certification requirements for an information security management system.

Also today, the new version of the ISO/IEC 27005 standard, which sets out the guidelines for information security risk management, has been made public.

The new version of 27001 introduces minor changes to the body of the management system, and explicitly states that it can be used as a basis for managing information security, data protection and cybersecurity.

The most important changes were made in updating the list of controls suggested as a baseline, both in its content and in the way the controls are grouped.

As in the past, a change in a certification standard does not have an immediate impact on organizations that are close to certification or already certified. There is a transition period, during which organizations must adapt their ISMS.

At Datasec, we have been supporting organizations in the implementation of Information Security Management Systems since 2004, at that time with the British standard BS 7799-2 and working with the list of controls established by ISO/IEC 17799, published in 2000.

We welcome this update to a widely used standard that had not received a relevant change since 2013, in a context of important changes in the information security, data protection and cybersecurity risks that organizations must manage.

All relevant information here: https://www.iso.org/contents/news/2022/10/new-iso-iec-27001.html