ISO/IEC 27001:2022 Transition Notes – Part 1

The new version of the ISO standard for information security management has now launched, and a number of changes need to be made to existing management systems in order to comply with it by the deadline of 31st October 2025.

For the Annex A controls, the previous 114 controls from the 2013 standard have been combined into 82 controls. There are 11 brand new controls to be considered for applicability, giving a new total of 93 controls to be considered for adoption in order to treat information risks faced by the organisation.

The 93 controls have been split across 4 categories: Organisational, People, Physical and Technological.

Further notes to follow…