Changes in the New ISO/IEC 27001 and ISO/IEC 27002

The ISO 27001 standard for information security management is currently being revised, while a new version of the ISO/IEC 27002 standard was published in February this year.

What is the difference between ISO/IEC 27001 and ISO/IEC 27002?

Companies can obtain ISO/IEC 27001 certification for system compliance, but not ISO/IEC 27002.

The ISO/IEC 27001 standard provides a framework for information security management, while ISO/IEC 27002 provides guidelines for information security management practices, including the implementation and management of controls, taking into account an organization’s information security risk.

The new ISO/IEC 27001:2022 standard introduces a number of changes, including:

  • The new standard has 93 controls divided into 4 domains (previously 114 controls and 14 domains).
  • Each control has 5 attributes:
    • How to categorize: preventative, detective, corrective;
    • Information security features: confidentiality, integrity, availability (CIA);
    • Cyber security concepts: identity, protection, identification, response, recovery;
    • Operational capabilities: governance, asset management, information security, human resource security, etc.;
    • Security domains: governance, protection, resilience.

The new ISO/IEC 27001:2022 standard introduces new controls, including:

  • Identity management
  • Deletion of information
  • Data masking
  • Others

If you have any questions or concerns, feel free to contact BM Certification. We always keep up to date and are able to find answers to your questions: https://bmcertification.com/contacts/

Find out more about the current ISO 27001 standard on our website: https://bmcertification.com/information-security-and-data-security/iso-27001-information-security-management-system/

The new ISO/IEC 27002:2022 is available here: https://www.iso.org/standard/75652.html
