ISO CONSULTANTS

IT Management System


Changes in the ISO 27001:2022 management system

The text of the mandatory clauses 4 through 10 has changed only slightly, mainly to align with ISO 9001, ISO 14001, and other ISO management standards, and with Annex SL.

Here’s a brief overview of the changes in ISO 27001:2022:

  • In clause 4.2 (Understanding the needs and expectations of interested parties), item (c) was added requiring an analysis of which of the interested party requirements must be addressed through the ISMS.
  • In clause 4.4 (Information security management system), a phrase was added requiring planning for processes and their interactions as part of the ISMS.
  • In clause 5.3 (Organizational roles, responsibilities and authorities), a phrase was added to clarify that communication of roles is done internally within the organization.
  • In clause 6.2 (Information security objectives and planning to achieve them), item (d) was added that requires objectives to be monitored.
  • Clause 6.3 (Planning of changes) was added, requiring that any change in the ISMS needs to be done in a planned manner.
  • In clause 7.4 (Communication), item (e) was deleted, which required setting up processes for communication.
  • In clause 8.1 (Operational planning and control), new requirements were added for establishing criteria for security processes, and for implementing processes according to those criteria. In the same clause, the requirement to implement plans for achieving objectives was deleted.
  • In clause 9.3 (Management review), the new item 9.3.2 c) was added that clarifies that inputs from interested parties need to be about their needs and expectations, and relevant to the ISMS.
  • In clause 10 (Improvement), the subclauses have changed places, so the first one is Continual improvement (10.1), and the second one is Nonconformity and corrective action (10.2), while the text of those clauses has not changed.

The structure of ISO 27001 Annex A has undergone a complete overhaul: the updated version has been restructured and revised.

First, the revised ISO 27001 drops the commonly used phrase ‘code of practice’, which helps present its purpose as a set of information security controls.

Secondly, the number of controls has decreased from 114 to 93 in the new version of ISO 27001. These security controls are now divided into four chapters instead of the previous 14. The new domains of ISO 27002:2022 are:

  • Chapter 5: Organizational (37 controls)
  • Chapter 6: People (8 controls)
  • Chapter 7: Physical (14 controls)
  • Chapter 8: Technology (34 controls)

In the newly revised ISO 27001, 35 controls remained unchanged, 23 controls have been renamed, and 57 controls have been merged to form 24 controls. Only one control was divided into two: Control 18.2.3 – Technical Compliance Review has been split into 8.8 – Management of technical vulnerabilities and 5.3.6 – Conformity with policies and standards of information security. Eleven new controls have been added to the latest version:

  • Threat Intelligence
  • Physical security monitoring
  • Data masking
  • Information security for cloud services
  • Monitoring activities
  • ICT readiness for business continuity
  • Data leakage prevention
  • Configuration management
  • Web filtering
  • Information deletion
  • Secure coding

The merging and addition of new controls create five major security attributes that make them easier to group. They are control types, operational capabilities, security domains, cybersecurity concepts, and information security properties.

Copyright © 2016 SGQ Innovations. All rights reserved. Website Design by BWT