The transition from ISO 27001:2013 to ISO 27001:2022 — Part 1
Understanding the differences and preparation
1. Name Change
The 2013 version of ISO 27001 was called Information Technology — Security Techniques — ISMS Requirements. The 2022 version is now called Information Security, Cybersecurity, and Privacy Protection — ISMS Requirements.
2. Structure Change
ISO 27001 still includes the mandatory clauses as before. No new clauses were introduced. However, new requirements have been added to the existing clauses in the form of new sub-sections (for example, 4.2 c) and others.
A quick glance at the table below: the number of controls has been reduced from 114 to 93. This is the result of some controls being consolidated, some newly added, and some deleted.
In the 2013 version, Annexure A controls were classified in a much more granular form than in the newer version. In the newer version, Annexure A has been categorized into 4 domains at a very high level. This makes it very simple and organized.