
Transitioned to 2022 standard
We (under our former Restore Digital brand) were certified in ISO27001:2013, and as part of efforts to support the sustainability and growth of the business, we have been working tirelessly towards the most recent certification in Information Security Management.
We are proud to announce that in 2024 we completed a transition assessment against the new version, ISO27001:2022.
Restore Information Management are dedicated to improving capabilities to protect the business and its reputation, and our people.
What’s changed between ISO27001:2013 and ISO27001:2022?
The ISO 27001 standard, which deals with information security management systems (ISMS), was revised in 2013 and updated in 2022.
The transition to ISO27001:2022 involved aligning our existing Information Security Management System (ISMS) with the updated requirements of the new standard. The key changes concerned the security controls: 11 are new and 58 have been revised. Additionally, 56 controls were merged into 24, resulting in a reduced total of 93 controls grouped into four themes: People, Organisational, Technological, and Physical.
British Standards Institute (BSI), who are UKAS accredited, conducted a transition readiness review followed by a formal assessment (November 2023) of the effectiveness of the updated ISMS and confirmed a successful transition.
All organisations certified to ISO27001:2013 need to transition to ISO27001:2022 by October 2025. Having transitioned in 2023 shows our security posture and ability to adapt to evolving threats.
For the transition, the Information Security Auditor:
1. Conducted a gap analysis to identify any gaps between the existing standard and the new requirements.
2. Revised and updated policies and procedures.
3. Conducted internal audits on the 93 controls and the clauses which had been updated to verify that the updated ISMS complies with the new standard.
Get in touch today to understand the change in more detail, or how regulatory requirements might affect your business.
Key benefits of ISO27001:2022
- Risk Management Approach: The 2022 version emphasises a risk-based approach that is more adaptive and responsive to the changing threat landscape. It provides clearer guidance on risk assessment and treatment.
- Adaptability and Continuous Improvement: The 2022 revision stresses the need for continual improvement and adaptability. Organisations are encouraged to regularly review and update their security measures to address emerging threats.
- Integration with other Management Systems: The updated standard encourages better integration with other management systems, fostering a more holistic approach to organisational management.
- Human Factors: There’s increased focus on human aspects of security, such as training, awareness, and competence of personnel. This recognises the crucial role people play in maintaining security.
- Documentation Requirements: The documentation requirements have been refined to focus on necessary documentation without being overly prescriptive, giving organisations more flexibility in their approach.
Our certifications and what they mean
At Restore Information Management, we pride ourselves on continuous improvement to ensure our clients benefit from the latest advancements in technology and see us as a trusted partner.
Maintaining accreditation often involves a commitment to ongoing training and improvement, but our team are committed to upholding the highest standards to keep your data safe and secure.
To find out more, or discuss your needs, why not get in touch?
Give our specialists a call on 01293780075