ISO/IEC 27001:2022

Clients who have purchased ISO/IEC 27001:2022 will automatically receive BS EN ISO/IEC 27001:2023+A1:2024 when it becomes available.

A tracked changes version of this standard is available. ISO/IEC 27001:2022 TC is the latest version of the standard that includes the original standard content and recent changes. Shop now.

What is ISO/IEC 27001 - Information security management systems about?

This document is the cornerstone of the international ISO/IEC 27000 series of standards on information security management. Very widely used and globally recognized, ISO/IEC 27001 provides requirements for the development and operation of an information security management system (ISMS). Organizations operating an ISMS may have its conformity audited and certified.

Who is ISO/IEC 27001 - Information security management systems for?

Information security professionals and management across the public and private sectors and commercial and non-profit organizations, as long as they create, collect, process, store, transmit and dispose of information in various forms including electronic, physical and verbal (e.g. conversations and presentations). Typical users will be:

• Chief Information Security Officers (CISOs)
• Cyber security risk analysts/advisors
• Information security consultants
• Risk managers in compliance and information security

What does ISO/IEC 27001 - Information security management systems cover?

ISO/IEC 27001 specifies requirements for:

• Establishing, implementing, operating, monitoring, reviewing, maintaining and improving a documented ISMS within the context of the organization’s overall business risks
• The implementation of security controls customized to the needs of individual organizations or parts thereof

The requirements set out in ISO/IEC 27001 are generic and intended to be applicable to all organizations, regardless of type, size and nature.Why should you use ISO/IEC 27001  - Information security management systems?

• BS EN ISO/IEC 27001 helps organizations secure their information assets, operate efficiently and build their resilience
• It mandates the creation of an ISMS that is proportionate to each business’s risk profile
• It reflects the up-to-date consensus of industry experts, including the latest control management best practices
• It shows stakeholders that your ISMS is operating to the highest standard and builds confidence in your business
• The reordering of clauses in line with ISO’s harmonized structure make it easier to integrate the implementation of this standard with other ISO management systems
• It underpins stronger business continuity management and compliance
• It can reduce information security costs
• It can be a vehicle for effective staff training and awareness of information security issues

ISO/IEC 27001 contributes to UN Sustainable Development Goal 9 on industry, innovation and infrastructure.

What’s new about ISO/IEC 27001:2022?

This is a revision of ISO/IEC 27001:2013. The significance of the new (third) edition ISO/IEC 27001:2022 is to realign it with ISO/IEC 27002:2022 Information Security Controls. Therefore, it incorporates the revisions of:

• ISO/IEC 27001:2013
• ISO/IEC 27001:2013/Cor 1:2014 (correction to Annex A)
• ISO/IEC 27001:2013/Cor 1:2015 (correction of the ambiguity in one of the requirements)

And the merge of:

• ISO/IEC 27001:2013/DAmd 1 (which has replaced Annex A in its entirety)

Enhance your skills with BSI Academy training courses and qualifications

Embed best practice and help secure your organizations data and infrastructure with BSI Academy’s range of ISO 27001 training courses.

Completing effective training equips you with the skills to continually review and refine the way you protect your information, not only for today, but also for the future.

View our training courses - only available via BSI Academy