Following the release of ISO/IEC 27002:2022 in February 2022, ISO/IEC 27001:2022 was released on 25 October 2022, specifying the requirements for establishing, implementing, maintaining and continually improving an information security management system (ISMS) within the context of an organisation, as well as requirements for the assessment and treatment of information security risks.
In addition to changes to the standard's title, language and numbering, the updated clauses include:
4.2 – Understanding the needs and expectations of interested parties
4.4 – Information security management system
6.2 – Information security objectives and planning to achieve them
6.3 – Planning of changes
7.4 – Communication
8.1 – Operational planning and control
9.1 – Monitoring, measurement, analysis and evaluation
9.2 – Internal audit
9.3 – Management review