{"id":9685,"date":"2022-11-10T16:32:11","date_gmt":"2022-11-10T16:32:11","guid":{"rendered":"https:\/\/www.dionach.com\/?p=9685"},"modified":"2025-01-20T08:47:14","modified_gmt":"2025-01-20T08:47:14","slug":"changes-in-the-iso-27001-2022-revision","status":"publish","type":"post","link":"https:\/\/dionach.development-visionsharp.co.uk\/en-us\/changes-in-the-iso-27001-2022-revision\/","title":{"rendered":"Changes in the ISO 27001: 2022 Revision"},"content":{"rendered":"\t\t
\n\t\t\t\t\t\t
\n\t\t\t\t\t\t
\n\t\t\t\t\t
\n\t\t\t
\n\t\t\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t

Changes in the ISO 27001: 2022 Revision<\/h2>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t
\n\t\t\t\t\t\t
\n\t\t\t\t\t
\n\t\t\t
\n\t\t\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t\t\t\t\t

Overview<\/strong><\/h2>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t\t\t\t\t

The new version of the ISO 27001:2022 standard was released in October 2022, following the release of the revised ISO 27002:2022 guidance in February 2022.<\/p>

\u00a0<\/p>

Organisations have 3 years to transition from ISO 27001:2013 to ISO 27001:2022, with the deadline being October 2025. Many organisations are expected to transition in 2023, and most should have transitioned before the end of 2024.<\/p>

\u00a0<\/p>

Certification bodies must start doing audits against ISO 27001:2022 by October 2023, although many will be doing it much sooner.<\/p>

\u00a0<\/p>

The 2022 version of ISO 27001 has one major change: Annex A has been re-organised, with a move from 114 controls in 14 sections in ISO 27001:2013, down to 93 controls in 4 sections in ISO 27001:2022. The main ISMS clauses 4 to 10 have had several minor updates.<\/p>

\u00a0<\/p>

Of the 93 Annex A controls in the new version, there are 11 new controls, 24 controls are made up of merged controls from the old version, and 16 controls have additional requirements.<\/p>

\u00a0<\/p>

Although there are new controls and some additional requirements, many organisations should have much of the new requirements in place, if not formally.<\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t

\n\t\t\t\t\t\t
\n\t\t\t\t\t
\n\t\t\t
\n\t\t\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t

Clauses 4 to 10 Changes<\/h2>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t\t\t\t\t

There are several minor updates to the mandatory clauses.<\/p>

\u00a0<\/p>

For clause 4.2, understanding the needs and expectations of interested parties, clause 4.2 (c) was added which needs the organisation to determine which relevant requirements of interested parties will be addressed through the ISMS.<\/p>

\u00a0<\/p>

Although now new, clause 6.1.3 on information security risk treatment splits out the requirements for a Statement of Applicability into bullet points to emphasise that these points are not optional. The specific points to highlight are the justification of inclusion for the necessary controls and justification for exclusion of any of the Annex A controls.<\/p>

\u00a0<\/p>

Clause 8.1 for operational planning and control adds that organisations planning and implementing processes to meet ISMS requirements need to:<\/p>

  • Establish criteria for the processes<\/li>
  • Implement control of the processes in accordance with the criteria<\/li><\/ul>

    \u00a0<\/p>

    For 9.1 monitoring, measurement, analysis and evaluation of performance, now the methods selected should produce comparable and reproducible results to be considered valid. As a final point for 9.1, the organization now should evaluate the information security performance and the effectiveness of the information security management system, although this should be covered in the management review.<\/p>

    \u00a0<\/p>

    There is an additional input for the management review in clause 9.3.2: changes in needs and expectations of interested parties that are relevant to the information security management system.<\/p>

    \u00a0<\/p>

    So, there are now major changes to clauses 4-10. Clearly with the re-organisation of the Annex A controls, the Statement of Applicability needs reworking, and this is a good opportunity to make sure that the Statement of Applicability has clear justifications for the inclusion or exclusion of each control where applicable.<\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t

    \n\t\t\t\t\t\t
    \n\t\t\t\t\t
    \n\t\t\t
    \n\t\t\t\t\t\t
    \n\t\t\t\t
    \n\t\t\t\t\t\t\t\t\t

    New Annex A Controls<\/strong><\/h2>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t
    \n\t\t\t\t
    \n\t\t\t\t\t\t\t\t\t

    The 11 new Annex A controls are as follows:<\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t

    \n\t\t\t\t
    \n\t\t\t\t\t\t\t\t\t

    Many organisations will have these new controls in place already, if not formally. Dionach go into more detail on these new controls in the ISO 27002 two-part blog<\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t

    \n\t\t\t\t\t\t
    \n\t\t\t\t\t
    \n\t\t\t
    \n\t\t\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t
    \n\t\t\t\t\t\t
    \n\t\t\t\t\t
    \n\t\t\t
    \n\t\t\t\t\t\t
    \n\t\t\t\t
    \n\t\t\t\t\t\t\t\t\t

    Annex A Controls with Additional Requirements<\/strong><\/h2>

    The Annex A controls that have additional control requirements that organisations should consider are:<\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t

    \n\t\t\t\t\t\t
    \n\t\t\t\t\t
    \n\t\t\t
    \n\t\t\t\t\t\t
    \n\t\t\t\t
    \n\t\t\t\t\t\t\t\t\t

    Some of these just have minor changes, although these may affect an organisation\u2019s approach. For example, 5.1 policies for information security adds that policies shall be acknowledged by relevant personnel and relevant interested parties. Many organisations may already be doing this, and it is now a formal requirement.<\/p>

    \u00a0<\/p>

    A few examples of more significant changes are as follows.<\/p>

    \u00a0<\/p>

    For 5.19 Information security in supplier relationships, the control now requires processes and procedures to be defined and implemented to manage the information security risks associated with the use of supplier\u2019s products or services. In the 2013 version of the standard the 15.1.1 control specifies documenting and agreeing information security requirements.<\/p>

    \u00a0<\/p>

    For 5.24 Information security incident management planning and preparation, the control now requires that an organisation plan and prepare for managing information security incidents by defining, establishing, and communicating information security incident management processes, roles, and responsibilities. The 2013 version is less specific and just requires management responsibilities and procedures in the 16.1.1 control. Organisations need to implement a formal incident response plan based on incident response phases if they haven\u2019t already. The ISO 27035 series provides guidance on information security incident management.<\/p>

    \u00a0<\/p>

    For 8.4 Access to source code, the control specifies that read and write access to source code, development tools and software libraries shall be appropriately managed. The 2013 version of the 9.4.5 control only stated that access to program source code shall be restricted.<\/p>

    \u00a0<\/p>

    As you can see with the examples, they may be significant changes for some organisations, however it is likely that many organisations will already have these additional requirements in place.<\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t

    \n\t\t\t\t
    \n\t\t\t\t\t

    Summary<\/h2>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t
    \n\t\t\t\t
    \n\t\t\t\t\t\t\t\t\t

    Transitioning to ISO 27001:2022 should be straightforward for organisations once they understand the changes. Many organisations should transition as soon as practical for them, as some of the new Annex A controls reflect more modern cyber security practices, which will be changes they have already made to their ISMS since the 2013 version.<\/p>

    \u00a0<\/p>

    Contact Dionach to get help with transitioning to ISO 27001:2022. Dionach provide an ISO 27001:2022 transition gap assessment to help you understand the changes and to provide you with an action list for transitioning.<\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<\/div>\n\t\t","protected":false},"excerpt":{"rendered":"

    Changes in the ISO 27001: 2022 Revision Overview The new version of the ISO 27001:2022 standard was released in October 2022, following the release of the revised ISO 27002:2022 guidance in February 2022. \u00a0 Organisations have 3 years to transition from ISO 27001:2013 to ISO 27001:2022, with the deadline being October 2025. Many organisations are […]<\/p>\n","protected":false},"author":12,"featured_media":9713,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"content-type":"","_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[1],"tags":[],"class_list":["post-9685","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-researchblog","wpbf-post"],"contentshake_article_id":"","yoast_head":"\nChanges in the ISO 27001: 2022 Revision<\/title>\n<meta name=\"description\" content=\"The new version of the ISO 27001:2022 standard was released in October 2022. Organisations have 3 years to transition from ISO 27001:2013 to ISO 27001:2022, with the deadline being October 2025.\" \/>\n<meta name=\"robots\" content=\"noindex, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Changes in the ISO 27001: 2022 Revision\" \/>\n<meta property=\"og:description\" content=\"The new version of the ISO 27001:2022 standard was released in October 2022. Organisations have 3 years to transition from ISO 27001:2013 to ISO 27001:2022, with the deadline being October 2025.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/dionach.development-visionsharp.co.uk\/en-us\/changes-in-the-iso-27001-2022-revision\/\" \/>\n<meta property=\"og:site_name\" content=\"Dionach\" \/>\n<meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/dionachcyber\" \/>\n<meta property=\"article:published_time\" content=\"2022-11-10T16:32:11+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2025-01-20T08:47:14+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/i0.wp.com\/dionach.development-visionsharp.co.uk\/wp-content\/uploads\/2022\/11\/iso_27001_800x533.jpg?fit=800%2C533&ssl=1\" \/>\n\t<meta property=\"og:image:width\" content=\"800\" \/>\n\t<meta property=\"og:image:height\" content=\"533\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"Dionach by Nomios\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@dionachcyber\" \/>\n<meta name=\"twitter:site\" content=\"@dionachcyber\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Dionach by Nomios\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"6 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/dionach.development-visionsharp.co.uk\\\/en-us\\\/changes-in-the-iso-27001-2022-revision\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/dionach.development-visionsharp.co.uk\\\/en-us\\\/changes-in-the-iso-27001-2022-revision\\\/\"},\"author\":{\"name\":\"Dionach by Nomios\",\"@id\":\"https:\\\/\\\/dionach.development-visionsharp.co.uk\\\/en-us\\\/#\\\/schema\\\/person\\\/ed6aa44da446ce6779a295157df0d451\"},\"headline\":\"Changes in the ISO 27001: 2022 Revision\",\"datePublished\":\"2022-11-10T16:32:11+00:00\",\"dateModified\":\"2025-01-20T08:47:14+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/dionach.development-visionsharp.co.uk\\\/en-us\\\/changes-in-the-iso-27001-2022-revision\\\/\"},\"wordCount\":977,\"publisher\":{\"@id\":\"https:\\\/\\\/dionach.development-visionsharp.co.uk\\\/en-us\\\/#organization\"},\"image\":{\"@id\":\"https:\\\/\\\/dionach.development-visionsharp.co.uk\\\/en-us\\\/changes-in-the-iso-27001-2022-revision\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/i0.wp.com\\\/dionach.development-visionsharp.co.uk\\\/wp-content\\\/uploads\\\/2022\\\/11\\\/iso_27001_800x533.jpg?fit=800%2C533&ssl=1\",\"articleSection\":[\"researchblog\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/dionach.development-visionsharp.co.uk\\\/en-us\\\/changes-in-the-iso-27001-2022-revision\\\/\",\"url\":\"https:\\\/\\\/dionach.development-visionsharp.co.uk\\\/en-us\\\/changes-in-the-iso-27001-2022-revision\\\/\",\"name\":\"Changes in the ISO 27001: 2022 Revision\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/dionach.development-visionsharp.co.uk\\\/en-us\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/dionach.development-visionsharp.co.uk\\\/en-us\\\/changes-in-the-iso-27001-2022-revision\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/dionach.development-visionsharp.co.uk\\\/en-us\\\/changes-in-the-iso-27001-2022-revision\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/i0.wp.com\\\/dionach.development-visionsharp.co.uk\\\/wp-content\\\/uploads\\\/2022\\\/11\\\/iso_27001_800x533.jpg?fit=800%2C533&ssl=1\",\"datePublished\":\"2022-11-10T16:32:11+00:00\",\"dateModified\":\"2025-01-20T08:47:14+00:00\",\"description\":\"The new version of the ISO 27001:2022 standard was released in October 2022. Organisations have 3 years to transition from ISO 27001:2013 to ISO 27001:2022, with the deadline being October 2025.\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/dionach.development-visionsharp.co.uk\\\/en-us\\\/changes-in-the-iso-27001-2022-revision\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/dionach.development-visionsharp.co.uk\\\/en-us\\\/changes-in-the-iso-27001-2022-revision\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/dionach.development-visionsharp.co.uk\\\/en-us\\\/changes-in-the-iso-27001-2022-revision\\\/#primaryimage\",\"url\":\"https:\\\/\\\/i0.wp.com\\\/dionach.development-visionsharp.co.uk\\\/wp-content\\\/uploads\\\/2022\\\/11\\\/iso_27001_800x533.jpg?fit=800%2C533&ssl=1\",\"contentUrl\":\"https:\\\/\\\/i0.wp.com\\\/dionach.development-visionsharp.co.uk\\\/wp-content\\\/uploads\\\/2022\\\/11\\\/iso_27001_800x533.jpg?fit=800%2C533&ssl=1\",\"width\":800,\"height\":533},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/dionach.development-visionsharp.co.uk\\\/en-us\\\/changes-in-the-iso-27001-2022-revision\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/dionach.development-visionsharp.co.uk\\\/en-us\\\/homepage-usa\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Changes in the ISO 27001: 2022 Revision\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/dionach.development-visionsharp.co.uk\\\/en-us\\\/#website\",\"url\":\"https:\\\/\\\/dionach.development-visionsharp.co.uk\\\/en-us\\\/\",\"name\":\"Dionach\",\"description\":\"Real Security in a Virtual World\",\"publisher\":{\"@id\":\"https:\\\/\\\/dionach.development-visionsharp.co.uk\\\/en-us\\\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/dionach.development-visionsharp.co.uk\\\/en-us\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/dionach.development-visionsharp.co.uk\\\/en-us\\\/#organization\",\"name\":\"Dionach\",\"url\":\"https:\\\/\\\/dionach.development-visionsharp.co.uk\\\/en-us\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/dionach.development-visionsharp.co.uk\\\/en-us\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/dionach.com\\\/wp-content\\\/uploads\\\/2025\\\/02\\\/cropped-Dionach-vertical-col-yel-nomios-black-1.jpg\",\"contentUrl\":\"https:\\\/\\\/dionach.com\\\/wp-content\\\/uploads\\\/2025\\\/02\\\/cropped-Dionach-vertical-col-yel-nomios-black-1.jpg\",\"width\":512,\"height\":512,\"caption\":\"Dionach\"},\"image\":{\"@id\":\"https:\\\/\\\/dionach.development-visionsharp.co.uk\\\/en-us\\\/#\\\/schema\\\/logo\\\/image\\\/\"},\"sameAs\":[\"https:\\\/\\\/www.facebook.com\\\/dionachcyber\",\"https:\\\/\\\/x.com\\\/dionachcyber\",\"https:\\\/\\\/uk.linkedin.com\\\/company\\\/dionach-ltd\",\"https:\\\/\\\/www.instagram.com\\\/dionachcyber\\\/\"]},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/dionach.development-visionsharp.co.uk\\\/en-us\\\/#\\\/schema\\\/person\\\/ed6aa44da446ce6779a295157df0d451\",\"name\":\"Dionach by Nomios\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/175b11c7f601b43fdf197d3d5c39805acf0e97b19ca7a4c4aa333ac557e98a09?s=96&d=mm&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/175b11c7f601b43fdf197d3d5c39805acf0e97b19ca7a4c4aa333ac557e98a09?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/175b11c7f601b43fdf197d3d5c39805acf0e97b19ca7a4c4aa333ac557e98a09?s=96&d=mm&r=g\",\"caption\":\"Dionach by Nomios\"},\"sameAs\":[\"http:\\\/\\\/Dionach\"]}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Changes in the ISO 27001: 2022 Revision","description":"The new version of the ISO 27001:2022 standard was released in October 2022. Organisations have 3 years to transition from ISO 27001:2013 to ISO 27001:2022, with the deadline being October 2025.","robots":{"index":"noindex","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"og_locale":"en_US","og_type":"article","og_title":"Changes in the ISO 27001: 2022 Revision","og_description":"The new version of the ISO 27001:2022 standard was released in October 2022. Organisations have 3 years to transition from ISO 27001:2013 to ISO 27001:2022, with the deadline being October 2025.","og_url":"https:\/\/dionach.development-visionsharp.co.uk\/en-us\/changes-in-the-iso-27001-2022-revision\/","og_site_name":"Dionach","article_publisher":"https:\/\/www.facebook.com\/dionachcyber","article_published_time":"2022-11-10T16:32:11+00:00","article_modified_time":"2025-01-20T08:47:14+00:00","og_image":[{"width":800,"height":533,"url":"https:\/\/i0.wp.com\/dionach.development-visionsharp.co.uk\/wp-content\/uploads\/2022\/11\/iso_27001_800x533.jpg?fit=800%2C533&ssl=1","type":"image\/jpeg"}],"author":"Dionach by Nomios","twitter_card":"summary_large_image","twitter_creator":"@dionachcyber","twitter_site":"@dionachcyber","twitter_misc":{"Written by":"Dionach by Nomios","Est. reading time":"6 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/dionach.development-visionsharp.co.uk\/en-us\/changes-in-the-iso-27001-2022-revision\/#article","isPartOf":{"@id":"https:\/\/dionach.development-visionsharp.co.uk\/en-us\/changes-in-the-iso-27001-2022-revision\/"},"author":{"name":"Dionach by Nomios","@id":"https:\/\/dionach.development-visionsharp.co.uk\/en-us\/#\/schema\/person\/ed6aa44da446ce6779a295157df0d451"},"headline":"Changes in the ISO 27001: 2022 Revision","datePublished":"2022-11-10T16:32:11+00:00","dateModified":"2025-01-20T08:47:14+00:00","mainEntityOfPage":{"@id":"https:\/\/dionach.development-visionsharp.co.uk\/en-us\/changes-in-the-iso-27001-2022-revision\/"},"wordCount":977,"publisher":{"@id":"https:\/\/dionach.development-visionsharp.co.uk\/en-us\/#organization"},"image":{"@id":"https:\/\/dionach.development-visionsharp.co.uk\/en-us\/changes-in-the-iso-27001-2022-revision\/#primaryimage"},"thumbnailUrl":"https:\/\/i0.wp.com\/dionach.development-visionsharp.co.uk\/wp-content\/uploads\/2022\/11\/iso_27001_800x533.jpg?fit=800%2C533&ssl=1","articleSection":["researchblog"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/dionach.development-visionsharp.co.uk\/en-us\/changes-in-the-iso-27001-2022-revision\/","url":"https:\/\/dionach.development-visionsharp.co.uk\/en-us\/changes-in-the-iso-27001-2022-revision\/","name":"Changes in the ISO 27001: 2022 Revision","isPartOf":{"@id":"https:\/\/dionach.development-visionsharp.co.uk\/en-us\/#website"},"primaryImageOfPage":{"@id":"https:\/\/dionach.development-visionsharp.co.uk\/en-us\/changes-in-the-iso-27001-2022-revision\/#primaryimage"},"image":{"@id":"https:\/\/dionach.development-visionsharp.co.uk\/en-us\/changes-in-the-iso-27001-2022-revision\/#primaryimage"},"thumbnailUrl":"https:\/\/i0.wp.com\/dionach.development-visionsharp.co.uk\/wp-content\/uploads\/2022\/11\/iso_27001_800x533.jpg?fit=800%2C533&ssl=1","datePublished":"2022-11-10T16:32:11+00:00","dateModified":"2025-01-20T08:47:14+00:00","description":"The new version of the ISO 27001:2022 standard was released in October 2022. Organisations have 3 years to transition from ISO 27001:2013 to ISO 27001:2022, with the deadline being October 2025.","breadcrumb":{"@id":"https:\/\/dionach.development-visionsharp.co.uk\/en-us\/changes-in-the-iso-27001-2022-revision\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/dionach.development-visionsharp.co.uk\/en-us\/changes-in-the-iso-27001-2022-revision\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/dionach.development-visionsharp.co.uk\/en-us\/changes-in-the-iso-27001-2022-revision\/#primaryimage","url":"https:\/\/i0.wp.com\/dionach.development-visionsharp.co.uk\/wp-content\/uploads\/2022\/11\/iso_27001_800x533.jpg?fit=800%2C533&ssl=1","contentUrl":"https:\/\/i0.wp.com\/dionach.development-visionsharp.co.uk\/wp-content\/uploads\/2022\/11\/iso_27001_800x533.jpg?fit=800%2C533&ssl=1","width":800,"height":533},{"@type":"BreadcrumbList","@id":"https:\/\/dionach.development-visionsharp.co.uk\/en-us\/changes-in-the-iso-27001-2022-revision\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/dionach.development-visionsharp.co.uk\/en-us\/homepage-usa\/"},{"@type":"ListItem","position":2,"name":"Changes in the ISO 27001: 2022 Revision"}]},{"@type":"WebSite","@id":"https:\/\/dionach.development-visionsharp.co.uk\/en-us\/#website","url":"https:\/\/dionach.development-visionsharp.co.uk\/en-us\/","name":"Dionach","description":"Real Security in a Virtual World","publisher":{"@id":"https:\/\/dionach.development-visionsharp.co.uk\/en-us\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/dionach.development-visionsharp.co.uk\/en-us\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/dionach.development-visionsharp.co.uk\/en-us\/#organization","name":"Dionach","url":"https:\/\/dionach.development-visionsharp.co.uk\/en-us\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/dionach.development-visionsharp.co.uk\/en-us\/#\/schema\/logo\/image\/","url":"https:\/\/dionach.com\/wp-content\/uploads\/2025\/02\/cropped-Dionach-vertical-col-yel-nomios-black-1.jpg","contentUrl":"https:\/\/dionach.com\/wp-content\/uploads\/2025\/02\/cropped-Dionach-vertical-col-yel-nomios-black-1.jpg","width":512,"height":512,"caption":"Dionach"},"image":{"@id":"https:\/\/dionach.development-visionsharp.co.uk\/en-us\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/www.facebook.com\/dionachcyber","https:\/\/x.com\/dionachcyber","https:\/\/uk.linkedin.com\/company\/dionach-ltd","https:\/\/www.instagram.com\/dionachcyber\/"]},{"@type":"Person","@id":"https:\/\/dionach.development-visionsharp.co.uk\/en-us\/#\/schema\/person\/ed6aa44da446ce6779a295157df0d451","name":"Dionach by Nomios","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/175b11c7f601b43fdf197d3d5c39805acf0e97b19ca7a4c4aa333ac557e98a09?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/175b11c7f601b43fdf197d3d5c39805acf0e97b19ca7a4c4aa333ac557e98a09?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/175b11c7f601b43fdf197d3d5c39805acf0e97b19ca7a4c4aa333ac557e98a09?s=96&d=mm&r=g","caption":"Dionach by Nomios"},"sameAs":["http:\/\/Dionach"]}]}},"jetpack_featured_media_url":"https:\/\/i0.wp.com\/dionach.development-visionsharp.co.uk\/wp-content\/uploads\/2022\/11\/iso_27001_800x533.jpg?fit=800%2C533&ssl=1","jetpack_sharing_enabled":true,"jetpack_shortlink":"https:\/\/wp.me\/ph4Ojq-2wd","_links":{"self":[{"href":"https:\/\/dionach.development-visionsharp.co.uk\/en-us\/wp-json\/wp\/v2\/posts\/9685","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/dionach.development-visionsharp.co.uk\/en-us\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/dionach.development-visionsharp.co.uk\/en-us\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/dionach.development-visionsharp.co.uk\/en-us\/wp-json\/wp\/v2\/users\/12"}],"replies":[{"embeddable":true,"href":"https:\/\/dionach.development-visionsharp.co.uk\/en-us\/wp-json\/wp\/v2\/comments?post=9685"}],"version-history":[{"count":0,"href":"https:\/\/dionach.development-visionsharp.co.uk\/en-us\/wp-json\/wp\/v2\/posts\/9685\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/dionach.development-visionsharp.co.uk\/en-us\/wp-json\/wp\/v2\/media\/9713"}],"wp:attachment":[{"href":"https:\/\/dionach.development-visionsharp.co.uk\/en-us\/wp-json\/wp\/v2\/media?parent=9685"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/dionach.development-visionsharp.co.uk\/en-us\/wp-json\/wp\/v2\/categories?post=9685"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/dionach.development-visionsharp.co.uk\/en-us\/wp-json\/wp\/v2\/tags?post=9685"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}