BSI LAUNCHES ISO/IEC 27001 - INFORMATION SECURITY MANAGEMENT SYSTEMS - A LEAP FORWARD IN ISMS EFFECTIVENESS

News provided by

British Standards Institution (BSI)

02 Nov, 2022, 11:47 GMT

LONDON, Nov. 2, 2022 /PRNewswire/ -- BSI, in its role as the National Standards Body (NSB), has officially launched the revised ISO/IEC 27001 Information security management systems. The updated standard helps companies secure their information assets – crucial in today's world where the number and complexity of cyberattacks are rising.

As organizations become more digitized, cybercriminals' methods have become increasingly sophisticated. Without the right information security protection, your business is at risk. After a breach, 21% of companies reported losing money, data, or assets, while one in three reported suffering wider business disruption such as lost staff time.

ISO/IEC 27001:2022 Information security management systems is the flagship of the ISO/IEC 27000 family of standards, which was first published over 20 years ago. These standards offer tools to mitigate the risks of breaches and cybercrime by implementing a robust information security management system (ISMS). Their adoption can help inspire trust in business and provide opportunities to train staff, leading to a more productive way of working.

Scott Steedman, Director-General, Standards at BSI, said:

"Using a best practice system for the management of information security has never been more important. This latest revision of the popular international and British standard BS ISO 27001 ensures that organizations have access to the latest thinking on how to protect their information assets through an information security management system (ISMS), which is a set of internal processes and systems that helps keep information safe and secure. I am pleased to see that this standard, originally published over 20 years ago, continues to evolve to keep pace with market needs."

While the standard's focus is identifying and managing information security risks, adopting its guidance offers much broader benefits to business than just protecting data. It can help organizations:

  • Reduce the likelihood of a data breach, which could result in reputational damage or fines
  • Built trust with existing clients and customers and appeal to new ones by boosting your reputation
  • Improve efficiency and productivity across the entire organization
  • Ensure business continuity in the event of an attempted cyber attack
  • Reduce information security costs by assessing risks and employing a more selective approach

To learn more about implementing ISO/IEC 27001:2022 into your organization, download our 'Adopting ISO/IEC 27001 - Your next steps'.

Notes to Editors:

For more information regarding the standard, please visit: https://knowledge.bsigroup.com/products/information-security-cybersecurity-and-privacy-protection-information-security-management-system-requirements/standard.

What are the key changes to ISO/IEC 27001 and why do they matter?

Triggered by the revision of ISO/IEC 27002:2022 Information security controls in February 2022, ISO/IEC 27001 has been revised to bring its guidance up to date with the current technological landscape.

While there are no major technical changes in this latest version of the standard, the amendment introduces several key business benefits. These include:

Reinforced resilience

Change: The guidance of ISO/IEC 27001 continues to be under a process of constant evolution.

Business benefit: The technology used by cybercriminals has come a long way in the five years since ISO/IEC 27001 was last updated. This latest iteration of the standard has the up-to-date consensus of industry experts to ensure that its guidance remains as effective as ever in keeping your information assets resilient against today's risks. These frequent revisions ensure that it remains one of the most relevant risk management tools for fighting off the millions of attacks that occur globally each year.

A catalyst for conformance

Change: Some editorial changes have been made in ISO/IEC 27001 to fix text that is out of line with the latest version of the ISO/IEC Directives Part 1, 2022.

Business benefit: This change ensures the conformance of ISO/IEC 27001 on a global level. For businesses, this means that using the ISO/IEC 27001 specification can help give your organization a reputation for digital trust - assuring your clients that your information security management system has been developed to the highest standards.

Continuous control

Change: The guidance in ISO/IEC 27001 has been realigned to the updated content in ISO/IEC 27002: 2022 Information security controls, including a revision to Annex A.

Business benefit: This change to the specifications in ISO/IEC 27001 ensures your ISMS is operating to up-to-date control management best practices. It gives you continuous protection of your assets by making your security controls relevant to the current technology landscape and threats, reducing the risk of a cyber breach occurring, and making your processes more robust.

Learn more about the changes to ISO/IEC 27002 by reading our article 'The 4 pillars of control: A modern approach to information security controls', here's a link to the article: https://knowledge.bsigroup.com/articles/the-4-pillars-of-control-a-modern-approach-to-information-security.

Effective implementation

Change: There has been a reordering of clauses in ISO/IEC 27001 to ensure alignment with the harmonized structure for management system standards.

Business benefit: This change ensures that ISO/IEC 27001:2022 continues to fit the high-level structure used in all management system standards (e.g. ISO 9001ISO 14001, etc.). This has been put in place to help organizations that are implementing more than one management system standard at a time, achieve effective adoption of these processes.

Current users of ISO/IEC 27001:2017 will need to conform with the newly published 2022 revision, as the previous version will be withdrawn after a short transition period.

Want to have access to all your information security standards in one place? A BSI Knowledge subscription gives you instant access to the resources you need to improve your information management system. The flexibility and visibility it provides enable you and your team to get the most from standards - from cybersecurity and digital trust to technological transformation.

More information about the standard can be found here: https://knowledge.bsigroup.com/products/information-security-cybersecurity-and-privacy-protection-information-security-management-system-requirements/standard.

About BSI

BSI is appointed by the UK Government as the National Standards Body and represents UK interests at the International Organization for Standardization (ISO), the International Electrotechnical Commission (IEC) and the European Standards Organizations (CEN, CENELEC and ETSI). BSI traces its origins to 1901 and became the world's first National Standards Body. Its role is to help improve the quality, safety and integrity of products, services, and systems by facilitating the creation and maintenance of consensus based, market led standards and encouraging their use. BSI publishes over 2,700 standards annually and withdraws over 1,500 old or superseded standards using a collaborative approach, engaging with industry experts, government bodies, trade associations, businesses of all sizes and consumers to develop standards that reflect good practice.

To learn more about standards, please visit: www.bsigroup.com/standards and for the National Standards Body: www.bsigroup.com/nsb.