insights-into-the-revised-isoiec-270012022

Insights Into The Revised ISO/IEC 27001:2022

Share this article

Altenar, a sportsbook software provider, is excited to present an overview of the new standard (ISO/IEC 27001:2022) published on October 25, 2022 and how this standard is improved to address the ever-evolving security challenges being faced by organisations.


ISO 27001 describes the framework for an information security management system. Changing cyber threats and new vulnerabilities continue increasing the risks relating to confidentiality, integrity and availability.  The new version of the standard enhances the focus on managing these risks.  


One benefit of using the upd ated controls outlined in the new ISO/IEC 27001:2022 is that they are clearly defined and can be easily identified. This makes it simpler to choose which controls to implement, potentially reducing the overall effort required for compliance. Additionally, it can also help to improve the overall efficiency and effectiveness of your ISMS by allowing for better integration of security processes.


The initial compulsory requirements of the 2013 version,  clauses 4 to 10 have had some minor changes and few additional requirements.  The significant update however, is mainly in the Annex A control se t which has been aligned with the latest ISO 27002 publication. The controls have been reduced  fr om 114 to 93, 11 are new and 24 controls have been merged while 58 descriptions and guidance have been upd ated.  


The 93 controls have been consolidated into four key areas:


1. A.5 Organisational controls

2. A.6 People controls 

3. A.7 Physical controls 

4. A.8 Technological controls


Organisations need to review and compare the new information security controls to their current controls. This review process will result in updates to risk management plans and changes to the Statement of Applicability (SoA) to account for the new or updated controls. 


Information about the transition to the new published standard 


Considering the ISO/IEC 27001:2022 is not a “fully revised edition” the IAF, International Accreditation Forum, Inc. does not demand immediate transition for those already certified or pursuing the 2013 revision (ISO 27001).  Certified organisations will need to transition to the new revision within 36 months from the last day of the publication month of ISO/IEC 27001:2022, that is October 31, 2025.  


IAF MD 26 outlines the following minimum objectives for certification bodies along with a minimum 0.5 auditor days to confirm the transition plan for certified organisations:


  • Gap assessment of the organisation’s system against the 2022 revision of ISO 27001
  • Review of the updated statement of applicability, inclusive of the new se t of 93 controls
  • Review of risk treatments plans, especially in areas wh ere these plans were designed around Annex A controls being utilised to mitigate identified risks
  • Assessment of the implementation and effectiveness of newly adopted controls


You can discover more about transitioning from the official IAF MD 26.


Previous Next

Related articles

  • navigating-colombian-gambling-laws-a-guide-for-igaming-operators-in-2024

    Navigating Colombian Gambling Laws: A Guide for iGaming Operators in 2024

  • altenar-partners-with-free-to-play-games-provider-splash-tech

    Altenar partners with free-to-play games provider Splash Tech

  • altenar-sponsors-isle-of-man-athletics-volunteer-award-scheme

    Altenar sponsors Isle of Man Athletics Volunteer Award Scheme

  • altenar-partners-with-kero-gaming-to-bring-contextual-micro-markets-to-sportsbook-

    Altenar partners with Kero Gaming to bring contextual micro markets to sportsbook

  • 500-up-altenar-reaches-workforce-milestone

    500 up! Altenar reaches workforce milestone

  • altenar-s-bet-boost-promo-tool-receives-upgrade

    Altenar’s Bet Boost promo tool receives upgrade

  • altenar-partners-with-data-bet-to-enhance-esports-offering

    Altenar partners with DATA.BET to enhance eSports offering

  • gaming-licences-which-one-should-you-get-in-2024

    Gaming Licences - Which One Should You Get in 2024

  • altenar-and-fast-track-enter-strategic-partnership-to-revolutionise-player-engagement

    Altenar and Fast Track enter strategic partnership to revolutionise player engagement

  • trio-of-betting-widgets-released-to-boost-customer-engagement

    Trio of betting widgets released to boost customer engagement

  • localised-solution-the-key-in-mexican-market

    Localised solution the key in Mexican market

  • trading-notifications-channel-streamlining-insights

    Trading Notifications Channel: Streamlining Insights with Altenar's Data Team

Fill out the form and we’ll be in touch as soon as possible

Enquiry Type
How can we reach you?
Region of Operation
How did you hear about us?

This form collects your data so that we can correspond with you. Read our Privacy Policy for more information