ISO 27001: 2022
Numerous high-profile incidents, involving both malicious attacks and simple accidental data loss, serve to illustrate the importance of good IT security; and ISO 27001: 2022 – Information security, cybersecurity and privacy protection – Information Security Management Systems – Requirements (2022) is a key standard for demonstrating that effective information security governance is in place.
Having a good Information Security Policy will give assurance to your customers, investors, suppliers and other key parties, and is a key element of ISO 27001: 2022
Cambridge Risk Solutions provides assistance to organisations seeking to achieve or maintain certification to ISO 27001: 2022.
As with ISO 22301, our services include gap analysis, development of management systems preparing policies for information security, and delivery of internal audits, as well as training to ensure that you have the capability to be able to manage your Information Security Management System (ISMS).
ISO 27001 has recently been re-published following amendments to the number of ‘controls’, with details guidance given to the controls in ISO 27002.
ISO 27001 Controls
The ‘controls’ are the mechanisms by which identified risks to information security are managed.
The revision to the standard has changed the way that the controls are listed and grouped
- There are now four key areas:
Organisational, People, Physical and Technological, replacing the original 14 in the previous edition - 93 Controls are listed have decreased from 114 to 93
The original 114 controls have been merged, removed and updated, with some new controls added - There is a new concept of ‘attributes’
Five attributes have been introduced:- Control type
- Information security properties
- Cybersecurity concepts
- Operational capabilities
- Security domains
To support these controls, a number of policies for information security will be needed; Cambridge Risk Solutions can help you to ensure that you have the right policies in place.
Since the initial publication of ISO 22301 in 2012 and ISO 27001 in 2013, the benefits to organisations of integrating their IT security and business continuity management systems have become very clear; and by offering consultancy support for both standards, we can help clients to achieve this.
We are happy to answer any questions about Business Continuity, Crisis Management, Information Security, Data Protection and Product Recalls.
How Can Cambridge Risk Solutions Help?
Cambridge Risk Solutions provides a range of services to assist with the implementation of Information Security, and have an experienced ISO 27001 Lead Auditor who can assist with readiness for certification to ISO 27001:2022
View some case studies of recent Information Security and ISO 27001 projects.