Main changes in ISO/IEC 27001:2022
1. Appendix A references the information security controls described in ISO/IEC 27002:2022, which includes the control title and information of the control
2. Clause 6.1.3 c) has been revised and edited, including Removed control objective and used "information security control" instead of "control"
3. Re-edited the wording in clause 6.1.3 d) to remove potential ambiguity
4. Determined to be processed by ISMS by adding new clause 4.2 c) 5. By adding a new subclause 6.3 - Planning of changes, it is defined that changes to the ISMS should be carried out by
the organization in a planned manner
6. Maintain consistency with the relevant verbs in the written text, for example, in 9.1, Clauses 9.2.2, 9.3.3 and 10.2 use "written information shall be evidence of XXX"
7. Replace "outsourced process" in clause 8.1 with "externally provided processes, products and services" and delete "outsourced 8.
Renamed and reordered the subclauses of Clause 9.2 - Internal Audit and Clause 9.3 - Management Review
9. Swapped the order of the two subclauses to Clause 10 - Improved
10. Versioned relevant documents listed in the Bibliography Updates such as ISO/IEC 27002 and ISO 31000
11. Some deviations from ISO/IEC 27001:2013 clause 6.2 d) high-level structure, same core text, common terms and core definitions
ISO/IEC 27001:2022 Transition time 3-year transitional period starting in October
2022 (to October 2025)
Published in October 2022 ISO/IEC 27001:2022
2022.10-2023.10
New and existingCertification can still be assessed against ISO/IEC 27001:2013
2023.10.24
After October 24, 2023, there will be no initial and re-certification audits for ISO/IEC 27001:2013 2025.10.25
All
ISO/IEC 27001:2013 certifications will be Must expire, or be withdrawn no later than October 25, 2025
ISO IEC 27001-2022 "Information Security, Network Security and Privacy Protection Information Security Management System Requirements"
Guess you like
Origin blog.csdn.net/std7879/article/details/127724377
Recommended
Ranking