ISO/IEC 27001
Now Available: ISO/IEC 27001:2022
The latest revision of the ISO/IEC 27001 standard was released in October 2022. A PDF of the standard is available for purchase on the ISO website. Here is some Q&A on important points that you should know:
Q: What has changed?
A: Fortunately, most of the changes to the standard relate to its structure and layout. The majority of controls remain in place, with only minor alterations to Annex A. Other changes are subtle changes in wording: Identity and Authentication Management replaces “password management,” User End Point Devices is now used instead of “Mobile Devices,” and “Asset Management” now includes an inventory of information. Because new vulnerabilities and technologies have emerged since the release of the 2013 standard, new controls have also been added, along with hashtags (#) next to each control to help you understand what element or function the control performs within the ISMS (#preventative, #detective, #corrective).
Q: What will I need to re-certify to the new version?
A: Existing clients’ transition period lasts until October 31, 2025. During this transition period, you will be able to update your ISMS with the new controls, implement changes, and record training activities as appropriate. PJR will conduct a recertification audit against the new standard and issue a new certificate.
Q: What if I am new to certification?
A: As of April 30, 2024, only audits to ISO/IEC 27001:2022 will be conducted.
Your Journey to ISO 27001 (video) Series
ISO/IEC 27001 is the international standard for Information Security Management Systems (ISMS). It provides a model for risk assessment, security design and implementation, and security management. The standard specifies implementation and management guidelines to help keep your information safe.
ISO/IEC 27001 is the only internationally auditable standard for Information Security Management Systems. It provides independent assurance that your organization complies with the legal, statutory, regulatory, and contractual requirements that bear on sensitive information. Obtaining ISO/IEC 27001 certification demonstrates that you have taken the necessary steps to protect sensitive information against unauthorized access.
Who needs ISO/IEC 27001?
Any organization that holds sensitive information is a candidate for ISO/IEC 27001 certification. In particular, companies in the healthcare, finance, public, and IT sectors can benefit greatly from a certified ISMS.
More Information on ISO/IEC 27001:
- What is ISO/IEC 27001?
- Cyber Security for Electronic Medical Devices
- What is an Information Security Management System?
- How ISO/IEC 27001 Provides Cyber Security for the Banking Industry?
- How ISO 27001 Can Protect Medical Organizations from Cyber Threats
- Overview of Certification
For more information on ISO/IEC 27001, contact PJR today at (248) 358-3388 or send a request to [email protected] for a Project Manager in your area!