ISO/IEC 27001:2022 Information Security Management Systems.
We can help you with:
- Preparing your scoping statement
- Communication and training strategy
- Preparing a current-state assessment
- ISO 27001 program and project management
- Remediation of missing controls
- External audit
- Ongoing support
What is ISO/IEC 27001:2022?
ISO/IEC 27001 has been updated to address current cybersecurity challenges and to strengthen digital trust. As more of an organisation's value sits in information assets, securing those assets is essential, and ISO/IEC 27001 is the most widely recognised standard for information security management. The summary below outlines the fundamental changes in the 2022 edition so that organisations can identify the areas they need to review, whether they are transitioning an existing ISO 27001:2013 certification or certifying against ISO 27001:2022 for the first time.
How We Can Help
We offer a comprehensive range of services, including:
- Gap analysis: We will assess your current security controls and identify any gaps.
- Implementation plan: We will develop a plan to close the gaps and implement ISO 27001 in your organization.
- Training: We will provide training to your staff on ISO 27001 and security best practices.
- Documentation: We will help you create the necessary documentation for ISO 27001 compliance.
- Audit support: We will provide support during your audit to ensure that you pass with flying colors.
What Has Changed: The Control Categories
Annex A has been reorganised. The 14 control domains of the 2013 edition have been consolidated into 4 themes, and the 114 controls have been reduced to 93 (11 new controls, 24 merged from previous controls, and the remainder carried over with updates). The four themes are:
- Organisational (A.5, 37 controls) – controls that concern the organisation, its policies and its processes,
- People (A.6, 8 controls) – controls that concern individual people,
- Physical (A.7, 14 controls) – controls that concern physical objects and premises,
- Technological (A.8, 34 controls) – controls that concern technology.
Table of All ISO 27001:2022 Annex A Controls
Achieving ISO 27001 certification can be a complex process, but there are several key steps that businesses can take to help ensure a successful outcome. Here are some of the most important steps to follow when pursuing ISO 27001 certification:
Conduct a gap analysis: The first step is to assess the organization's current security posture and identify any gaps between the existing controls and the requirements of ISO 27001. This will help to determine the scope of the certification project and highlight any areas that need improvement.
Develop an information security management system (ISMS): An ISMS is a framework of policies and procedures that governs how the organization manages and protects its sensitive information. This system should be designed to align with the ISO 27001 standard and must be implemented and maintained throughout the organisation.
Conduct a risk assessment: A risk assessment identifies the risks to the confidentiality, integrity and availability of the organisation's information, and the threats and vulnerabilities behind them. Its output determines the risk treatment plan, the controls to be implemented, and the justification for including or excluding each Annex A control in the Statement of Applicability.
Develop and implement security controls: Based on the results of the risk assessment, the organisation should implement the controls selected in the Statement of Applicability. These span all four Annex A themes: organisational, people, physical and technological controls.
Train and educate employees: Employees play a critical role in maintaining the security of the organization's sensitive information. It's essential to provide regular training and education to ensure that employees understand their responsibilities and are aware of the risks associated with handling sensitive data.
Conduct internal audits: Regular internal audits are a requirement of ISO 27001, not an optional extra. They check that the ISMS is implemented as documented and that the security controls are operating as intended, and their findings feed the management review that the standard also requires.
Engage an accredited certification body: Finally, the organisation should engage an accredited certification body to perform an independent assessment of the ISMS and verify that it meets the requirements of ISO 27001. The certification audit is normally performed in two stages, a stage 1 review of the ISMS documentation and a stage 2 audit of its implementation, and certification is maintained through periodic surveillance audits and recertification at the end of the certificate cycle.
Benefits of ISO/IEC 27001:2022 certification
Not having the certification is becoming a competitive disadvantage
How can we help Superannuation and Responsible Entities?
Our expertise can help you every step of the way:
- Understand what is involved and define the scope.
- Implementation of controls.
- Internal audit & enhancement.
- External audit.
- Certification.