ISO/IEC 27001 specifies the requirements for establishing, implementing, maintaining and continually improving an information security management system (ISMS) within the context of an organization. ISO/IEC 27002 is a companion international standard used as a reference: it gives guidance on good practice for implementing the controls listed in Annex A of ISO 27001. An organization can be certified against ISO 27001, but not against ISO 27002, which is guidance rather than a set of auditable requirements.

Main changes in ISO 27002:2022

ISO 27002:2022 was published by ISO on 15 February 2022. The number of information security controls decreases from 114 to 93, grouped into 4 themes instead of the 14 domains of the 2013 version:

  • Organizational controls (clause 5)
  • People controls (clause 6)
  • Physical controls (clause 7)
  • Technological controls (clause 8)

The new version of ISO 27002 adds 11 new controls and deletes none of the former controls; a number of the 2013 controls were merged, which is why the total falls from 114 to 93.

Impact to ISO 27001 from ISO 27002:2022

An amendment to ISO 27001:2013 (referred to as ISO 27001:2013+A1:2022) is in progress and is expected to be published in 2022. The amendment will:

  • reflect the changes in ISO 27002:2022 in Annex A of ISO/IEC 27001;
  • leave the main body of ISO 27001 (clauses 4 to 10, the ISMS requirements themselves) unchanged;
  • reduce the number of Annex A controls from 114 to 93;
  • categorize the controls into 4 themes instead of the previous 14;
  • add 11 new controls, delete none, and merge some of the existing ones.


Transition

Once "ISO 27001:2013+A1:2022" is published, a transition period is expected, during which organizations already certified to ISO 27001:2013 will need to update their ISMS against the revised standard. In practice this means re-mapping the Statement of Applicability and risk treatment plan, which reference Annex A controls by number, onto the new 93-control structure and implementing any of the 11 new controls that apply.

Support by DQS
