In February 2022, the International Organization for Standardization (ISO) and International Electrotechnical Commission (IEC) released an update to ISO/IEC 27002:2013, known as ISO/IEC 27002:2022. To make the framework more adaptable and customizable for various organizations, a set of changes was announced.
The major changes will include a reduction of the total number of controls, changes to the framework’s taxonomy and the creation of new attribute tables. This isn’t an exhaustive list of the changes to come this year with ISO; an amendment to ISO 27001 is expected to be published between May and October 2022.
In this episode of Compliance Crosswalk, hosts Arti Lalwani and Blaise Wabo sit down with ISO 27001 expert Steve Holladay of Arrowhead Training to better understand what is included in the February updates and where ISO 27001 is headed in the next year or two.