ISO 27001 - What changed?
What were the updates?
The update from ISO 27001:2013 to ISO 27001:2022 brings some long-awaited changes to the standard. However, these changes only apply to the controls listed in Annex A of ISO 27001, with no change in its requirements (clauses 4 to 10).
The changes were designed to simplify the ISO 27001 implementation process. The previous 114 controls, some of them obsolete, were condensed into just 93, organized into 4 sections (replacing the 14 sections that existed previously). The reduction in the number of controls does not mean that controls were excluded from the standard; they were merged or reorganized. Additionally, 11 new controls were introduced.
For organizations already certified to ISO 27001, the update to the standard means the certification must also be updated, in order to ensure compliance with the version of the standard in force. In these cases, since much of the existing information is retained, the duration of the certification process will be significantly shorter.
Organizations that are not yet certified but intend to be can still start the implementation process based on the version still in force, making the necessary adjustments later.