“New Edition of ISO/IEC 27001: Changes and Deadlines”
On October 25, 2022, the ISO/IEC 27001:2022 standard, titled “Information security, cybersecurity, and privacy protection – Information security management systems – Requirements,” was published.
The ISO/IEC 27001 standard, a cornerstone in the field of information security, has undergone a significant update with this new edition. This widely adopted global standard sets forth the requirements for implementing an effective Information Security Management System (ISMS). ISO/IEC 27001 helps organizations protect their data, ensuring that sensitive information is managed securely and in compliance with regulations.
The new edition, known as ISO/IEC 27001:202x, brings about some notable changes compared to the previous version. Among the major changes expected is a heightened focus on risk management in information security, taking into account the evolving cybersecurity landscape. This modification aims to make ISO/IEC 27001 more flexible and adaptable to the ever-changing cybersecurity challenges.
The new edition will also place greater emphasis on stakeholder engagement and people within the organization. This will promote a more collaborative and inclusive approach to information security.
TIME LIMIT AND TRANSITIONAL PERIOD
Regarding deadlines, the introduction of the new edition will happen gradually. Organizations that hold certifications under ISO/IEC 27001:2013 (UNI CEI EN ISO/IEC 27001:2017) will have a transition period to adapt to the new version. It is crucial that organizations stay updated on specific transition dates and adequately prepare for the switch.
Specifically, all certifications issued in compliance with the ISO/IEC 27001:2013 standard (UNI CEI EN ISO/IEC 27001:2017) must be transitioned to the new standard by October 31, 2025. By this date, certifications based on the previous edition will either expire or be revoked, marking the end of the transition period.
Starting from April 30, 2024, all new certifications and renewals will be issued exclusively in line with ISO/IEC 27001:2022. This standard represents an important update, with a particular focus on countermeasures to address current cybersecurity and data protection challenges.
In conclusion, the new edition of ISO/IEC 27001 marks a significant step forward in enhancing information security. Organizations should start planning for the transition and prepare to adapt to the changes in a timely manner, as information security remains a key element in today’s interconnected world.