CMMI Consultant Blog

CMMI Frequently Asked Questions and their responses from CMMI Consultant(s)





New Version of ISO 27001 has arrived: ISO 27001:2022 (10-2022 Edition):



3rd November, 2022

New version of ISO 27001 arrives in October 2022: Picture Design: Rajendra Raj Khare

The third edition (2022-10) of International Standard ISO 27001 arrived in the last week of October 2022.
ISO 27001:2013, which became famous as the Information Security Management System (ISMS) Standard, is now renamed ISO 27001:2022 – International Standard for Information Security, Cybersecurity and Privacy Protection – Information Security Management Systems – Requirements. The additional domains added in the title itself are Cybersecurity and Privacy Protection. This is in keeping with the contemporary trend of heightened importance given to cybersecurity and privacy protection along with information security.

The new Standard, ISO 27001:2022, is a leaner document of 19 pages, compared with the previous version, ISO 27001:2013, which was 23 pages.

In contrast, the supporting Standard on information security controls, ISO 27002:2022, titled Information Security, Cybersecurity and Privacy Protection – Information Security Controls, has acquired bulk and is now 152 pages, whereas the previous version, ISO 27002:2013, was just 80 pages.

The decrease in the size of ISO 27001:2022, down by 4 pages, indicates an attempt to streamline and restructure the Standard for better understanding and comprehension. The increase in the size of ISO 27002:2022, which provides guidance on implementing information security controls, by a huge 72 pages (90%), indicates elaboration on the various methods of control implementation.

As is generally understood, ISO 27001 is the Certification Standard used as the criteria for Certification and Surveillance Audits, whereas ISO 27002 is the Guidance Standard, which provides inputs and elaborations on how to implement various security controls. The transition time for moving certificates from the 2013 version to the 2022 version would be three years from now.

As compared to the 14 clauses of the ISO 27001:2013 version of the Standard, ISO 27001:2022 has just 04 main clauses – Organizational Controls, People Controls, Physical Controls and Technological Controls. Another important change is that the categorization of controls (there used to be 114 controls under 35 categories in ISO 27001:2013) has been abolished, and the new ISO 27001:2022 now has 93 controls directly linked to the 04 main clauses.

Here is a bird's-eye-view comparison of the ISO 27001:2013 and ISO 27001:2022 Standards:

[Figure: Bird's-eye-view comparison of ISO 27001:2013 and ISO 27001:2022]


Published by CMMI Consultant




Author: Rajendra Khare


Rajendra is a qualified and certified Lead Appraiser and Instructor for the following:

  • SCAMPI High Maturity Lead Appraiser (Certified)
  • CMMI Institute-Certified SCAMPI v1.3 Lead Appraiser for Acquisition (Certified)
  • CMMI Institute-Certified SCAMPI v1.3 Lead Appraiser for Development (Certified)
  • CMMI Institute-Certified SCAMPI v1.3 Lead Appraiser for Services (Certified)
  • CMMI Institute-Certified Introduction to CMMI-DEV v1.3 Instructor (Certified)
  • CMMI Institute-Certified Services Supplement for CMMI-DEV Instructor (Certified)
  • CMMI Institute-Certified CMMI-DEV Level 2 for Practitioners Instructor (Certified)
  • CMMI Institute-Certified CMMI-DEV Level 3 for Practitioners Instructor (Certified)
  • CMMI Institute-Certified SCAMPI B & C Team Leader for Acquisition (Certified)
  • CMMI Institute-Certified SCAMPI B & C Team Leader for Development (Certified)
  • CMMI Institute-Certified SCAMPI B & C Team Leader for Services (Certified)

Rajendra is Lead Assessor for ISO 9001 (QMS), ISO 14001 (EMS), OHSAS 18001 (OHSMS) since 1994

International Automotive Task Force (IATF) approved Lead Assessor for Automotive Standard TS 16949:2009

Lead Assessor for ISO 27001 (ISMS) and ISO 20000-1 (ITSM)

Rajendra has 25 years of experience in the industry.

