ISO/IEC 27002 has been revised to update the information security controls to reflect developments and current information security practices in various sectors of business and government. Here are the questions we get most frequently, with detailed explanations.
What exactly has changed in ISO 27002:2022?
In ISO 27002:2022, the name of the standard has been changed from “Information technology – Security techniques – Code of practice for information security controls,” to “Information security, Cybersecurity and privacy protection – Information security controls.”
Changes in the compliance landscape (for example, regulations such as the General Data Protection Regulation, GDPR), the evolving business continuity, cyber risk and compliance challenges faced by organisations around the world, and the introduction of ISO 27701 created a need for ISO 27002 to broaden the scope of its controls beyond its original information security focus, to account for cyber security, information privacy and vulnerability management. The update aims to address this by providing a reference set of information security control objectives for use in context-specific information security, privacy and cyber security risk management. The ISO 27002:2022 revision was published on the 15th of February 2022.
The new ISO 27002 has 93 controls in the following 4 sections:
• Organizational controls (clause 5)
• People controls (clause 6)
• Physical controls (clause 7)
• Technological controls (clause 8)
Structure of sections
From the previous 14 sections, ISO 27002:2022 now has only four sections, along with two annexes:
• Organisational controls (clause 5)
• People controls (clause 6)
• Physical controls (clause 7)
• Technological controls (clause 8)
• Annex A – Using attributes
• Annex B – Correspondence with ISO/IEC 27002:2013
This new structure makes it easier to understand the applicability of the controls at a high level, as well as the designation of responsibilities.
The controls in the updated version of ISO 27002 have two new elements in their structure:
• Attribute table: attributes associated with the control (see next section for explanation)
• Purpose: rationale for applying the control