We're currently finalizing our framework for the ISO 27001:2022 update. The older version of the framework will remain available as usual for the 36-month transition period, during which organizations can move to the new version of the standard at any point they want.
The new ISO 27001:2022 requirements framework will largely follow the same principles as the previous version:
- The framework is divided into 3 levels: Core, Extended, Full
- 90% of the content of the standard is unchanged, so the same applies to the tasks related to the framework in Cyberday. However, the 2022 version brings in 11 new controls, for which you will see the recommended tasks pop up when you update from version 2013 to 2022.
Most significant changes in the update:
- The grouping and numbering of the standard's controls has clearly changed: in the new version of the standard, the controls are grouped into 4 categories (administrative, personnel-oriented, technical and physical) instead of the previous 14 categories
- This division has already been used in Cyberday before, but because of it, the structure of, for example, the SoA report (i.e. the conformity report of ISO 27001 frameworks) changes
We will share more information next week, when the framework is available in Cyberday! 👍