Email Icon
info@urmconsulting.com
Phone Icon
0118 206 5410
URM NEWS
25
October 2022

ISO/IEC 27001:2022 Published on 25 October

On 25 October 2022, the International Organization for Standardization published the latest version of ISO 27001 and updated its title to ‘Information security, cybersecurity and privacy protection — Information security management systems — Requirements’.  In line with its title, this latest version of ISO 27001 reflects a broader context and that preventing, detecting and responding to cyberattacks is now considered, as well as protecting information and data.

The 2022 version of the Standard provides the updated requirements for establishing, implementing, maintaining and continually improving an information security management system (ISMS) within the context of your organisation.

What are the key changes?

The major change to the Standard has been the incorporation of the control set from ISO 27002:2022 into Annex A of ISO 27001:2022.  Naturally, threats change over time and the new Annex A controls reflect some of the threats that have emerged since the 2013 version was published, e.g., the increasing range of cyber-related threats and moves towards home and remote working.

There have also been a number of changes to the management system clauses, with the goal of making some of the requirements more explicit and improving the alignment (structure, terms and definitions) with other Annex SL standards, such as ISO 9001 and ISO 22301.

How URM can help

URM is ideally placed to help organisations certify against the updated Standard.  Should you already be certified to ISO 27001:2013, we can provide you with the following practical support to help you quickly and seamlessly transition to the 2022 version of the Standard:

Not certified?

If you are not certified, now has never been a better time to develop an information security management system and achieve certification. If you would like to understand more about the benefits and what’s involved in implementing ISO 27001, please register your interest here and we will be in touch.

URM’s consultants have assisted over 400 organisations achieve and maintain certification to ISO 27001.
Find out more
Latest BLog
Governance, Risk Management and Compliance
|
Information Security
|
PCI DSS 

Quantum Computing – the Risks to Encryption and the Implications for PCI DSS

Latest update:
25 Apr
2025

URM’s blog explains the threat quantum computing poses to current encryption methods, how this may impact the PCI DSS, and how these challenges may be overcome.

Read more
Thumbnail of the Blog Illustration
Data Protection
updateD:
17/4/2025
Are you Processing Special Category Personal Data Without Knowing It?

URM’s blog breaks down the GDPR requirements around special category personal data and how organisations can avoid processing this data inadvertently.

Read more
Thumbnail of the Blog Illustration
Cyber Security
updateD:
17/4/2025
Cyber Security and Resilience Bill Policy Statement – What to Expect

URM’s blog explains the measures the Bill will introduce, the entities it will bring into regulatory scope & what the Bill could mean for your organisation.

Read more
Thumbnail of the Blog Illustration
Information Security
updateD:
16/4/2025
ISO 27001:2022 - A.5 Organisational Controls (Supplier Management)

URM’s blog explains the importance of the 5 supplier management controls in ISO 27001 & provides practical guidance on how to implement each control.

Read more
"
We have been using the services provided by URM for a couple of years now. They have been excellent in providing their expertise on ISO 27001 and SOC 2, which was instrumental in guiding us on our compliance and certification journey. Thanks to their professionalism and knowledge, we continue to obtain certifications smoothly and with confidence.
Keyloop
contact US

Let us help you

Let us help you in your compliance journey by completing the form and letting us know how we can best support you.