What’s new in ISO 27001:2022: everything you want to know

Abimuktheeswaran Chidambaram
Dec 19, 2023

If you are new to ISO 27001, check out my previous article: https://abiabi0707.medium.com/overview-of-iso-27001-a35492c961e0. ISO 27001:2022, the third and latest revision of the ISO 27001 standard, was released on October 25, 2022. Here are the latest updates.

1. Guideline name — Previously, it was Information Technology — Security Techniques — Information Security Management Systems — Requirements. Now, it reads Information security, cybersecurity, and privacy protection — Information security management systems — Requirements.

2. Document Length — the number of pages in the 2013 document was 23 while the current version has only 19 pages.

3. Controls — The old version had 114 controls; the new version reduces this to 93. They are restructured and categorized into 4 sections, namely people (8 controls), organizational (37 controls), technological (34 controls), and physical (7 controls). In summary, 35 controls remained unchanged, 23 controls were renamed, 57 controls were merged to form 24 controls, and 11 new controls were added.

4. Transition Period - A company can apply for ISO 27001:2013 certification until October 31, 2023. That certificate expires on October 31, 2025.
