As already mentioned, ISO/IEC 27002 provides implementation guidance for the controls listed in Annex A of ISO/IEC 27001, with the aim of raising the level of information security. It is therefore often used as a companion guide when setting up an ISMS. But the publication of the new ISO/IEC 27002:2022 is no reason for companies that have already implemented and certified an ISMS to rush or panic. The current ISO/IEC 27001:2013 continues to be the standard against which certification is performed, and its catalog of controls in Annex A still refers to the previous version, ISO 27002:2013.
However, the ISO body is expected to adapt ISO/IEC 27001, and in particular the controls in Annex A, to the new structure of ISO/IEC 27002 this year in order to bring the two standards back into line. After that, as usual, there will be a transition period of up to two years from the month of publication. Companies that have already implemented an ISMS according to the current ISO/IEC 27001 therefore still have some time to make the necessary changes. Nevertheless, it would be best for them to start looking at the new ISO/IEC 27002:2022 control structure now and analyze what changes their existing ISMS may need. They will then be well prepared and can allocate the resources for adapting the ISMS in good time.
If you have any questions regarding information security, the introduction or implementation of ISO 27001 or data protection, please do not hesitate to contact your team at aigner business solutions GmbH. Simply use our contact form. You can also reach us by phone at our head office in Hutthurm on +49 (0) 8505 91927 – 0 or at our branch office in Munich on +49 (0) 89 413 2943 – 0.