As organizations become more digitized, cybercriminals’ methods have become increasingly sophisticated.
Without the right information security protection, your business is at risk. After a breach, 21% of companies reported losing money, data, or assets, while 1 in 3 reported suffering wider business disruption such as lost staff time.
BS EN ISO/IEC 27001:2023+A1:2024 Information security management systems. Requirements is the flagship of the ISO/IEC 27000 family of standards, which was first published more than 20 years ago. These standards give you the tools you need to mitigate the risks of breaches and cybercrime by implementing a robust information security management system (ISMS). Their adoption can help to inspire trust in your business, provide opportunities to train your staff, lead to more productive ways of working, result in better customer experiences, and more.
In particular, BS EN ISO/IEC 27001 helps organizations manage and protect their information assets through the implementation of an information security management system (ISMS). This refers to a set of internal processes and systems that helps you to keep your information safe and secure. Its guidance helps you to continually review and refine the way you do this, not only for today but also for the future.
This British Standard is the UK implementation of ISO/IEC 27001. It is identical to ISO/IEC 27001:2022. It does not supersede BS EN ISO/IEC 27001:2017; this version will be withdrawn once the European version is adopted. BSI, as a member of CEN, is obliged to publish the European version.
BSI requested a derogation from CEN, as its national standard is intended to be identical to ISO/IEC 27001:2022. The request was granted by CEN, on the condition that BSI would align its national standard with any future EN that is published on the subject.
If your business handles any kind of data, such as staff personal records, payroll information, or confidential business data, then it can benefit from the protection BS EN ISO/IEC 27001 offers.
Without effective data security to protect your business, you’re at risk of a data breach. BS EN ISO/IEC 27001 offers an approach to keeping data safe that can be adopted by any business in any sector.
While the standard's focus is identifying and managing information security risks, adopting its guidance offers much broader benefits to your business than just protecting data. It can help your business to:
Reduce the likelihood of a data breach, which could result in reputational damage or fines
Build trust with existing clients and customers and appeal to new ones by boosting your reputation
Improve efficiency and productivity across the entire organization
Ensure business continuity in the event of an attempted cyber attack
Reduce information security costs by assessing risks and employing a more selective approach
And it isn't just the large companies that can reap the benefits of BS EN ISO/IEC 27001. Small and medium-sized organizations are facing an information security crisis, with cyberattacks targeting them increasing at a rapid rate. Often, this is because they are part of a wider supply chain, so it’s essential that they are in control of, and manage, their information security and cyber-risks to protect themselves and others.
Discover the impact the adoption of our standards might have on your information security with our interactive tool.
Triggered by the revision of BS EN ISO/IEC 27002 Information security controls in February 2022, BS EN ISO/IEC 27001 has been revised to bring its guidance up to date with the current technological landscape.
While there are no major technical changes in this latest version of the standard, the amendment introduces several key business benefits. These include:
Reinforced resilience
Change: The guidance of BS EN ISO/IEC 27001 continues to be under a process of constant evolution.
Business benefit: The technology used by cybercriminals has come a long way in the five years since BS EN ISO/IEC 27001 was last updated. This latest iteration of the standard has the up-to-date consensus of industry experts to ensure that its guidance remains as effective as ever in keeping your information assets resilient against today’s risks. These frequent revisions ensure that it remains one of the most relevant risk management tools for fighting off the millions of attacks that occur globally each year.
A catalyst for conformance
Change: Some editorial changes have been made in BS EN ISO/IEC 27001 to fix text that is out of line with the latest version of the ISO/IEC Directives Part 1, 2022.
Business benefit: This change ensures the conformance of BS EN ISO/IEC 27001 on a global level. For businesses, this means that using the BS EN ISO/IEC 27001 specification can help give your organization a reputation for digital trust - assuring your clients that your information security management system has been developed to the highest standards.
Continuous control
Change: The guidance in BS EN ISO/IEC 27001 has been realigned to the updated content in BS EN ISO/IEC 27002 Information security controls, including a revision to Annex A.
Business benefit: This change to the specifications in BS EN ISO/IEC 27001 ensures your ISMS is operating to up-to-date control management best practices. It gives you continuous protection of your assets by making your security controls relevant to the current technology landscape and threats, reducing the risk of a cyber breach occurring, and making your processes more robust.
Learn more about the changes to ISO/IEC 27002 by reading our article ‘The 4 pillars of control: A modern approach to information security controls’.
Effective implementation
Change: There has been a reordering of clauses in BS EN ISO/IEC 27001 to ensure alignment with the harmonized structure for management system standards.
Business benefit: This change ensures that BS EN ISO/IEC 27001 continues to fit the high-level structure used in all management system standards (e.g. ISO 9001, ISO 14001, etc.). This has been put in place to help organizations that are implementing more than one management system standard at a time achieve effective adoption of these processes.
To learn more about implementing BS EN ISO/IEC 27001:2023+A1:2024 into your organization, download our ‘Adopting ISO/IEC 27001 - Your next steps’ infographic.
Current users of ISO/IEC 27001:2017 will need to conform with the newly published 2022 revision, as the previous version will be withdrawn after a short transition period.
Want to have access to all your information security standards in one place? A BSI Knowledge subscription gives you instant access to the resources you need to improve your information security management system. The flexibility and visibility it provides enable you and your team to get the most from standards, from cybersecurity and digital trust to technological transformation. Request to learn more.
Achieve better information security management in your business, by adding the revised BS EN ISO/IEC 27001:2023+A1:2024 to your collection today.