What is ISO 27001:2022?
ISO 27001:2022 is an internationally recognised standard that lays out the requirements an organisation must meet to demonstrate that its information is managed within a framework committed to continually reviewing and improving the security of that information.
It provides a list of 93 best-practice controls that you can implement to improve the security of the information you manage. These controls are split into 4 key areas: People Controls, Organisational Controls, Technological Controls and Physical Controls.
The framework is commonly referred to as an Information Security Management System (ISMS). As ISO 27001:2022 is an internationally recognised standard, most information security management systems are based on its requirements.
The standard focuses on how your organisation:
- Controls important documentation and records
- Manages assets via which important information can be accessed, processed and transmitted
- Manages information security processes in line with the 3 key principles of information security: Confidentiality, Integrity and Availability
- Manages risks to information security
- Manages the physical security of your premises
- Trains and informs staff on information security best practice
- Reviews internal processes and information security related problems
- Manages your commitment to continual improvement of the ISMS.