BS EN ISO/IEC 27001:2023 is the third edition of this standard. It technically revises, cancels, and replaces the Second Edition – ISO/IEC 27001:2013 (also published as BS EN ISO/IEC 27001:2017). BS EN ISO/IEC 27001:2023 presents the requirements for
an information security management system (ISMS). An ISMS assists an organization to preserve the confidentiality, integrity,
and availability of information, in the face of an ever-changing threat landscape, no matter the source of risk. Thus, it deals
with threats that can be technological, human, physical and environmental in nature.
The standard requires an organization to adopt a risk management framework to determine the information
security controls best suited to its business needs and risk appetite. To help organizations ensure that they have not
inadvertently omitted any necessary control, the framework uses a reference set of controls (BS ISO/IEC 27001, Annex A),
which also makes reliable comparisons between organizations possible.
The level of change incorporated into the revised version of the standard is medium.