- ISO’s 27002:2022 standard incorporates new infosec controls for businesses as they face new risks and security requirements.
- New controls span Cloud tech, AI, privacy, malware, ransomware, and cybersecurity.
- Businesses must update their current certificates by November 2025.
ISO released a 2022 update to its information security management system, ISO 27002. As information security becomes a more prevalent concern, ISO’s new standard aims to give additional security oversight tools to companies seeking a better picture of existing risks and needed security actions.
The main revisions appear in information security controls that reflect novel situations companies may encounter. These changes include at least 11 new controls and 58 newly updated controls in the areas of cloud technologies, AI, privacy, cybersecurity, malware, and ransomware. ISO also revised the standard to give updated risk management guidance and ensure that quality experts are aware of multiple factors. The ISO/IEC 27001 standard has been combined with the newest updates to ISO’s High-Level Structure (HLS).
Companies face a three-year transition timeline, during which they must update current certificates to ISO 27002:2022 by November 2025.