3 March 2022

Revision ISO 27002: simplification and modernization

To ensure that quality standards remain relevant and current, they are reviewed at least every five years. For that reason, ISO 27002 was recently revised. This standard contains the practical guidelines and control measures for information security management systems (ISMS) and is inextricably linked to the information security standard ISO 27001. The new standard is planned for publication in early May 2022, and we discuss a number of the changes below.

New name

One of the most notable changes in the revised ISO 27002 is the name change. While ISO 27002 was known as 'Information technology - Security techniques - Code of practice for information security controls', the 2022 version of the standard will be called 'Information security, cybersecurity and privacy protection - Information security controls'.

New structure

Besides a different name, ISO 27002 has also been given a new structure. The fourteen chapters of the 'old' version have been reduced to four themes: People, Physical, Technology and Organization. Existing measures have been merged and eleven new measures have been added. On balance, the number of control measures in ISO 27002:2022 remains approximately the same. The standard has also been modernized, making it easier to find the right measures from now on.

What does this mean for your current certificate or new application?

As usual, a transition period will apply after publication of the new standard. We will inform you about the method of assessment and what the transition period will look like. Our auditors are currently being trained in the new standard and will tell you more about this during audits from March 2022 onwards. We will also keep you informed via our website and mailings. It is likely that ISO 27001:2013 Amendment 1:2022 will be published on May 5, 2022.