IT Management System

Latest News
Enquiry Form
* indicates required field

Changes in the ISO 27001:2022 management system

The text of the mandatory clauses 4 through 10 has changed only slightly, mainly to align with ISO 9001, ISO 14001, and other ISO management standards, and with Annex SL.

Here’s a brief overview of the changes in ISO 27001:2022:

  • In clause 4.2 (Understanding the needs and expectations of interested parties), item (c) was added requiring an analysis of which of the interested party requirements must be addressed through the ISMS.
  • In clause 4.4 (Information security management system), a phrase was added requiring planning for processes and their interactions as part of the ISMS.
  • In clause 5.3 (Organizational roles, responsibilities and authorities), a phrase was added to clarify that communication of roles is done internally within the organization.
  • In clause 6.2 (Information security objectives and planning to achieve them), item (d) was added that requires objectives to be monitored.
  • Clause 6.3 (Planning of changes) was added, requiring that any change in the ISMS needs to be done in a planned manner.
  • In clause 7.4 (Communication), item (e) was deleted, which required setting up processes for communication.
  • In clause 8.1 (Operational planning and control), new requirements were added for establishing criteria for security processes, and for implementing processes according to those criteria. In the same clause, the requirement to implement plans for achieving objectives was deleted.
  • In clause 9.3 (Management review), the new item 9.3.2 c) was added that clarifies that inputs from interested parties need to be about their needs and expectations, and relevant to the ISMS.
  • In clause 10 (Improvement), the subclauses have changed places, so the first one is Continual improvement (10.1), and the second one is Nonconformity and corrective action (10.2), while the text of those clauses has not changed.

The structure of ISO 27001 – Annex A has undergone a complete overhaul. The updated version of ISO 27001 has been restructured and revised.

First, the modified ISO 27001 does not identify with the commonly used phrase β€˜code of practice’. This helps outline its purpose through the set of information security controls.

Secondly, the number of controls has decreased from 114 to 93 in the new version of ISO 27001. These security controls are now divided into four chapters instead of the previous 14. The new domains of ISO 27002:2022 are:

  • Chapter 5: Organizational (37 controls)
  • Chapter 6: People (8 controls)
  • Chapter 7: Physical (14 controls)
  • Chapter 8: Technology (34 controls)

In the newly revised ISO 27001, 35 controls remained unchanged, 23 controls have been renamed, and 57 controls have been merged to form 24 controls. Only one control was divided into two: Control 18.2.3 – Technical Compliance Review has been split into 8.8 – Management of technical vulnerabilities and 5.3.6 – Conformity with policies and standards of information security. Eleven new controls have been added to the latest version:

  • Threat Intelligence
  • Physical security monitoring
  • Data masking
  • Information security for cloud services
  • Monitoring activities
  • ICT readiness for business continuity
  • Data leakage prevention
  • Configuration management
  • Web filtering
  • Information deletion
  • Secure coding

The merging and addition of new controls create five major security attributes that make them easier to group. They are control types, operational capabilities, security domains, cybersecurity concepts, and information security properties.

πŸ’» IT Governance, Information Security & Service Excellence

Secure Systems β€’ Reliable Services β€’ Continuous Improvement

Overview

At SGQ INNOVATIONS, we help organizations build, secure, and optimize their IT operations through globally recognized frameworks β€” ISO 27001, ISO 20000, and CMMI.

Our services are designed to protect information, improve service reliability, and enhance organizational maturity β€” ensuring your IT systems are secure, efficient, and globally compliant.

β€œSecure Information β€’ Smart IT β€’ Sustainable Growth.”

Our Core IT Compliance & Excellence Services

πŸ” 1️⃣ ISO 27001:2022 – Information Security Management Systems (ISMS)

Build confidence and resilience in your information assets.

We help organizations design, implement, and certify Information Security Management Systems (ISMS) that comply with ISO 27001:2022, protecting data integrity, confidentiality, and availability.

Our Expertise Includes:

  • ISMS Policy, Risk Assessment & Risk Treatment Plans
  • Information Asset Classification & Access Control
  • Legal & Regulatory Compliance (GDPR, IT Act, etc.)
  • Security Incident & Data Breach Response Frameworks
  • Supplier & Cloud Security Controls
  • Internal Audit, Management Review & Certification Support
  • Integration with ISO 9001, 22301, and 20000 frameworks

Benefits:
βœ… Protect sensitive information and prevent data breaches
βœ… Ensure business continuity and cyber resilience
βœ… Build trust with clients and regulators

βš™οΈ 2️⃣ ISO 20000-1:2018 – IT Service Management System (ITSM)

Enhance the quality and reliability of IT services through structured management practices.

Our Services Include:

  • ITSM Framework Design & Implementation (ISO 20000-1:2018)
  • Service Catalog, SLA, and Incident Management Systems
  • Change, Problem, and Configuration Management
  • Process Mapping, SOP Development & Role Definition
  • IT Governance & Continual Improvement Integration
  • Internal Audit & Certification Readiness Support

Benefits:
βœ… Improve IT service reliability and customer satisfaction
βœ… Reduce downtime and enhance service delivery consistency
βœ… Align IT operations with global business standards

🧩 3️⃣ CMMI – Capability Maturity Model Integration

Strengthen your IT and software development processes with the globally respected CMMI framework.

We support organizations in implementing CMMI for Development (CMMI-DEV) and CMMI for Services (CMMI-SVC) models to enhance process maturity, predictability, and performance.

Our Services Include:

  • CMMI Level 2–5 Implementation Roadmaps
  • Process Gap Assessment & Benchmarking
  • Process Documentation & SOP Development
  • Appraisal Preparation & SCAMPI Readiness Support
  • Integration of CMMI with ISO 9001 & ISO 27001 Systems
  • Continuous Process Improvement Programs

Benefits:
βœ… Improved project delivery timelines & quality consistency
βœ… Reduced rework, errors, and cost overruns
βœ… Stronger process capability and stakeholder confidence

Why Choose SGQ INNOVATIONS

βœ… Certified ISO 27001 & ISO 20000 Lead Auditors and Implementers
βœ… CMMI-Appraisal Ready Consulting Framework
βœ… Integrated IT Governance Approach (Quality + Security + Service)
βœ… Experience Across IT, Pharma, Manufacturing, and Service Sectors
βœ… Comprehensive Documentation, Audit, and Certification Support
βœ… Digital Tools for Risk, KPI, and Compliance Tracking

Our Impact

πŸ“Š 10+ organizations certified under ISO 27001 / ISO 20000
πŸ’‘ 3+ clients achieved CMMI Level 3–5 maturity
πŸ”’ 100% certification success rate for ISMS & ITSM projects
βš™οΈ Integrated ISO frameworks implemented across multiple industries

Industries We Serve

🏒 IT & ITES / Software Development
🏭 Pharma & Manufacturing IT Systems
βš™οΈ Engineering & Automation Firms
🏦 Financial & Data Management Companies
🌍 ESG & Digital Compliance Platforms

Our Promise

β€œWe build trust through secure systems, structured services, and sustainable processes.”
With SGQ INNOVATIONS, your IT systems don’t just comply β€” they perform, protect, and evolve.