21 Nov 2022
by David Mudd

ISO/IEC 27001 Transition: A Leap Forward in ISMS Effectiveness (Guest blog by BSI)

Guest blog by David Mudd, Assurance Global Head of Digital Trust at BSI

The new ISO/IEC 27001 update is here. ISO/IEC 27001:2022 has been designed to align your information security posture with current practice, helping to keep your systems safe and your business compliant. David Mudd, Assurance Global Head of Digital Trust at BSI, explains the reasoning behind the changes in this guest blog.

Why should we update?

The world’s working landscape has changed. Businesses are moving online to accommodate remote working and are increasingly reliant on cloud-based services. As these flexible digital practices evolve, so do the risks of large-scale cyber attacks and security breaches, which can affect the entire organization and cause serious financial and reputational damage. The ISO/IEC 27001:2022 updates address these evolving threats. You can reduce your organization’s overall business risk by implementing, operating, reviewing, maintaining and improving a documented ISMS. Independent certification to the global best-practice standard for information security management also differentiates your business and is increasingly a prerequisite for doing business.

If your business handles any data, such as personal staff records, payroll information or confidential business information, it can benefit from ISO/IEC 27001:2022. The updated controls are intended to address increasingly sophisticated security risks and to support business resilience and continuity.

Benefits of ISO/IEC 27001:2022

The standard uses a risk-management approach to guard against both external and internal threats, from cyber attacks to data breaches and human error. It can help your business to:

  • Reduce the likelihood of a data breach and the resulting fines or reputational damage
  • Boost your reputation and build trust with new and existing clients and customers
  • Embed efficiency and resilience across your organization
  • Maintain business continuity in the event of an attempted cyber attack
  • Use risk assessment to select cost-effective controls suited to your business

ISO/IEC 27001:2022 can work for everyone. Regardless of your business size, from SMEs to global organizations, you can benefit from all of the above and more.

What’s new?

The transition brings several updates to align with the ISO harmonized approach and with the current technological landscape. You can expect to see the following:

  • Updated controls aligned with current business practices and the threats associated with them (Annex A now lists 93 controls, 11 of them new, compared with 114 in the 2013 edition)
  • New “attributes” on each control (control type, information security properties, cybersecurity concepts, operational capabilities and security domains) to enable alignment with different risk management methodologies, including global cybersecurity frameworks
  • Simplified and streamlined grouping of controls into four themes: organizational, people, physical and technological
  • Greater clarity on management requirements in line with the ISO Harmonized Structure

How do I start the transition?

Getting started with transitioning your existing ISO/IEC 27001:2013 certificate to ISO/IEC 27001:2022 is straightforward. BSI is ready to support you with a transition audit, which identifies the gaps in knowledge, processes and activities that your business needs to close before it can be certified to the new edition. Certified organizations have until 31 October 2025 to complete the transition; after that date, certificates to the 2013 edition expire.

Find out more about the transition here: https://bit.ly/3UU1xaI  


David Mudd

Assurance Global Head of Digital Trust, BSI