
Overall, compared to the 2013 revision, the changes in ISO 27001:2022 are small to moderate. ISO 27002 was first published in 1995 as BS 7799-1, and in February this year the ISO 27002:2022 revision was published with a new structure of 93 controls; this exact same control structure was adopted by ISO 27001:2022, as explained below. The most important difference between the two standards is that ISO 27002 is not mandatory for ISO 27001 certification, and a company cannot be certified against ISO 27002.

ISO 27001 should not be confused with ISO 27002: the former is the main standard against which a company can be certified, while the latter is the supporting standard that provides guidelines for implementing the security controls. You can see the changes between the 20 revisions of ISO 27001 in this article: Infographic: New ISO 27001 2013 revision – What has changed? The first version of ISO 27001 was published back in 1999 as BS 7799-2, and it has gone through several changes since then.

