ISO/IEC 27001:2022
Current
The latest, up-to-date edition.
Information security, cybersecurity and privacy protection — Information security management systems — Requirements
ISO/IEC 27001:2022 guides organisations in their quest to manage and protect sensitive data. The Standard provides a framework for creating an information security management system (ISMS); a set of policies, procedures and processes to secure data and ensure it’s always confidential and accurate.
ISO/IEC 27001:2022 is globally recognised. The 2022 update added new controls for managing cyber risks and cloud security in line with evolving technological challenges. The Standard also outlines best practices for assessing and managing security risks and implementing strong security measures.
English, French
10-25-2022
This document specifies the requirements for establishing, implementing, maintaining and continually improving an information security management system within the context of the organization. This document also includes requirements for the assessment and treatment of information security risks tailored to the needs of the organization. The requirements set out in this document are generic and are intended to be applicable to all organizations, regardless of type, size or nature. Excluding any of the requirements specified in Clauses4 to 10 is not acceptable when an organization claims conformity to this document.
| Committee |
ISO/IEC JTC 1/SC 27
|
| DocumentType |
Standard
|
| Pages |
19
|
| PublisherName |
International Organization for Standardization
|
| Status |
Current
|
| Supersedes |
Purchasing the ISO/IEC 27001:2022 Standard will ensure your business meets strict regulatory compliance regarding data. It’s critical your data practices align with laws like the Australian Privacy Act and General Data Protection Regulation (GDPR). In addition to compliance, the Standard also helps to protect your assets and business from data breaches and cyber attacks.
The ISO/IEC 27001:2022 also promotes:
- Risk management: The Standard helps to identify and combat information security risks early before they become major incidents
- Incident response: The Standard establishes clear protocols for detecting and responding to major security incidents
- Improved processes: The Standard promotes a “data culture” with better internal policies and controls which can improve operational efficiency
- Client confidence: The Standard demonstrates that you are committed to the highest levels of data security. This boosts trust with customers and partners.
- Competitive advantage: The Standard helps you gain a competitive edge in markets where security credentials are valued.
| Standards | Relationship |
| DS/INF 271:2023 | Identical |
| PN-EN ISO/IEC 27001:2023-08 | Identical |
| DS/EN ISO/IEC 27001:2023 | Identical |
| NEN-EN-ISO/IEC 27001:2023 | Identical |
| NS-EN ISO/IEC 27001:2023 | Identical |
| AS/NZS ISO/IEC 27001:2023 | Identical |
| NF EN ISO/IEC 27001:2023 | Identical |
| SS-EN ISO/IEC 27001:2023 | Identical |
| ÖVE/ÖNORM EN ISO/IEC 27001:2023 09 01 | Identical |
| DS/ISO/IEC 27001:2022 | Identical |
| ABNT NBR ISO/IEC 27001:2022 | Identical |
| CEI UNI EN ISO/IEC 27001:2024-10 | Identical |
| UNE-ISO/IEC 27001:2023 | Identical |
| BS ISO/IEC 27001:2022 | Identical |
| UNE-EN ISO/IEC 27001:2023 | Identical |
| BS EN ISO/IEC 27001:2023 | Identical |
| JIS Q 27001:2023 | Identical |
| INCITS/ISO/IEC 19790:2012(R2024) | Information technology - Security techniques - Security requirements for cryptographic modules |
Access your standards online with a subscription
-
Simple online access to standards, technical information and regulations.
-
Critical updates of standards and customisable alerts and notifications.
-
Multi-user online standards collection: secure, flexible and cost effective.
Important note : All end users must be registered with an Account prior to user licenses being assigned.