ISO 27001 - What changed?

What were the updates?

The update from ISO 27001:2013 to ISO 27001:2022 brings some long-awaited changes to the standard. However, these changes only apply to the controls listed in Annex A of ISO 27001, with no change in its requirements (clauses 4 to 10).

The changes to the standard were made with a view to simplifying the ISO 27001 implementation process. The previous 114 controls, some of them obsolete, were condensed into just 93, organized into 4 sections (replacing the 14 previously existing sections). The lower number does not mean that controls were excluded from the standard; they were merged or reorganized. Additionally, 11 new controls were introduced.

For whom?

For organizations already certified to ISO 27001, the update to the standard means the certification must also be updated, in order to ensure compliance with the version of the standard in force. In these cases, since much of the existing information is kept, the certification process will be significantly shorter.

Organizations that are not yet certified but intend to be can feasibly start the implementation process based on the version still in force, making the necessary adjustments later.


The advantages of ISO 27001 certification remain:


Business efficiency gains


Reduction of IT expenses


Increased competitiveness


GDPR compliance
