Notice for clients: This British Standard is the UK implementation of ISO/IEC 27001. It is identical to ISO/IEC 27001:2022. It does not supersede BS EN ISO/IEC 27001:2017, this version will be withdrawn once the European version is adopted. BSI, as a member of CEN, is obliged to publish the European version.
For additional support on the contents of this standard, you can also download the BS ISO/IEC 27001:2022 Expert Commentary.
Widely used and globally recognized, BS ISO/IEC 27001:2022 provides requirements for the development and operation of an information security management system (ISMS) to mitigate the risks of breaches and cybercrime. It is the flagship document of the international ISO/IEC 27000 series of standards on information security management.
BS ISO/IEC 27001 enables organizations of all sectors and sizes to manage the security of assets such as financial information, intellectual property, employee data and information entrusted by third parties. It helps you to continually review and refine the way you do this, not only for today, but also for the future.
Learn more about why businesses choose to invest in information security standards here.
BS ISO/IEC 27001 helps organizations secure their information assets, operate efficiently and build their resilience. By adopting its guidance and changing your process to conform to its requirements, businesses can benefit from:
- Reduced cybersecurity risks
- Protected personal records and sensitive information
- Stronger business continuity management and compliance
- Reduced information security costs
- Effective staff training and awareness of information security issues
- Increased tendering opportunities
- Improved reputation and levels of trust from customers and employees
BS ISO/IEC 27001:2022 contributes to UN Sustainable Development Goal 9 on industry, innovation and infrastructure.
Discover how Risk Evolves – a UK-based consultancy firm – uses BS ISO/IEC 27001 to keep their clients’ data secure. Read their story here.
BS ISO/IEC 27001 was developed specifically so that it guidance could be used by businesses of every size and sector – from multi-nationals to SMEs. As long as they create, collect, process, store, transmit and dispose of information in various forms including electronic, physical and verbal (e.g. conversations and presentations), then this information security standard can be a valuable tool for an organization.
Typical users and implementers of the BS ISO/IEC 27001 standard will be:
- Chief Information Security Officers (CISOs)
- Cyber security risk analysts/advisors
- Information security consultants
- Risk managers in compliance and information security
Is BS ISO/IEC 27001 right for your business? Download our guide to see if BS ISO/IEC 27001 will help you achieve your information security objectives, and how big an impact it could have.
BS ISO/IEC 27001:2022 specifies requirements for:
- Establishing, implementing, operating, monitoring, reviewing, maintaining and improving a documented ISMS within the context of the organization’s overall business risks
- The implementation of security controls customized to the needs of individual organizations or parts thereof
The requirements set out in BS ISO/IEC 27001 are generic and intended to be applicable to all organizations, regardless of type, size and nature. Learn about how to implement its guidance in your business here.
Some other important information security standards include:
- BS EN ISO/IEC 27002 Information security, cybersecurity and privacy protection. Information security controls
- BS ISO/IEC 27003 Information technology. Security techniques. Information security management systems. Guidance
- BS ISO/IEC 27004 Information technology. Security techniques. Information security management. Monitoring, measurement, analysis and evaluation
- BS ISO/IEC 27005 Information security, cybersecurity and privacy protection. Guidance on managing information security risks
Browse the full BS ISO/IEC 27000 standard series here.
BS ISO/IEC 27001:2022 is a revision of ISO/IEC 27001:2013. The significance of the new (third) edition BS ISO/IEC 27001:2022 is to realign it with BS EN ISO/IEC 27002:2022 Information Security Controls.
Therefore, it incorporates the revisions of:
- ISO/IEC 27001:2013
- ISO/IEC 27001:2013/Cor 1:2014 (correction to Annex A)
- ISO/IEC 27001:2013/Cor 1:2015 (correction of the ambiguity in one of the requirements)
And the merge of:
- ISO/IEC 27001:2013/DAmd 1 (which has replaced Annex A in its entirety)
Learn more about what has changed in the latest BS ISO/IEC 27001:2022 version of the standard, and the benefits of those changes to your business by reading our article here.
Embed best practice and help secure your organizations data and infrastructure with BSI Academy’s range of ISO 27001 training courses.
Completing effective training equips you with the skills to continually review and refine the way you protect your information, not only for today, but also for the future.
View our training courses - only available via BSI Academy