Get in touch

Get in touch

  • This field is for validation purposes and should be left unchanged.

Privacy Notice

X

When you submit an enquiry via our website, we use the personal data you supply to respond to your query, including providing you with any requested information about our products and services. We may also email you several times after your enquiry in order to follow up on your interest and ensure that we have answered your it to your satisfaction. We will do this based on our legitimate interest in providing accurate information prior to a sale. Your enquiry is stored and processed as an email which is hosted by Microsoft within the European Economic Area (EEA). We keep enquiry emails for two years, after which they are securely archived and kept for seven years, when we delete them.

Reveal Menu

ISO27001 Update – ISO Changes its Mind

You may be aware that ISO recently published a new version of the ISO27002 guidance for information security and the big question was when and how they would update the ISO27001 requirements standard to match it.

We blogged on this previously and the rather surprising plan was for ISO to issue an Amendment to the ISO27001 standard, rather than publishing a new version. We wondered what this meant for people wanting to work towards certification; presumably they would need to buy the 2013 version of the ISO27001 standard and then Amendment 1 also and use the combination of the two documents to understand what was required? When certified, the assumption was that the certificate would state ISO/IEC 27001:2013 plus Amendment 1:2022 which seems a bit of a mouthful.

Anyway it turns out we weren’t the only ones to feel this would confuse people (we assume); as of 30 May 2022 the project to produce Amendment 1 has been deleted on the ISO website and replaced with a final draft (an FDIS) of the full ISO/IEC 27001 standard.

So we will have an ISO/IEC 27001:2022 after all it seems.

When? Our guess is somewhere between July and September which we freely admit is suitably vague given the lack of information from ISO.

Is this an embarrassing climb-down on the part of ISO? Well, technically and procedurally the Amendment route was probably the correct way to go based on the nature of the changes involved, but it adds a layer of complexity that would fox many people and who needs that kind of confusion? We feel the ISO has listened to the concerns that were most likely expressed as part of the consultation and has been brave enough to do the right thing. So well done ISO we say.

Watch this space for further updates, gossip and rumours about the new standard as they happen.

We’ve helped more than 4000 businesses with their compliance

Testimonials

The toolkit was perfect in delivering the correct process to our business, preventing thousands spent on consultants delivering the same toolkit. It also played a massive part in speeding up our compliance in GDPR.

G3 Comms Limited
UK

View all Testimonials