16th March 2022 – News Announcement – World First!

As a global leader in ISO 27001 compliance software, 27k1 believes that it is ahead of the curve. The 27k1 ISMS software now deploys the new, ISO 27002:2022 controls.

We believe that this is a world first!

On 15th February, the ISO (International Standards Organization) published the long awaited ISO 27002:2022 controls. Following rigorous product testing, the new control set has been added to the 27k1 ISMS software and integrated into all system modules. This allows the Gap Analysis, Statement of Applicability, Risk Assessments and Audits to be run using the new controls, the system delivering full, automated reports.

Version 7 of the 27k1 ISMS software now adds the new, 2022 controls alongside the present ISO 27002:2013 control set, allowing system users to choose how they wish to comply with ISO 27001. For those companies that have achieved ISO 27001 certification, the software will enable easy transition from the 2013 control set to the new, 2022 control set.

The ISO 27002:2022 controls are comprised of 93 security controls which span 4 main themes:

1. Organisational controls (37 controls)
2. People controls (8 controls)
3. Physical controls (14 controls)
4. Technological controls (34 controls)

The 93 controls include 12 new controls that have been added in response to major shifts in both technology and threats since 2013. The emphasis of the control changes is on cyber-attack prevention, detection and response, as well as better protecting sensitive data. Moreover, the new controls closely align ISO 27001 with the NIST Risk Management Framework.

With regard to the transition period, an amended version of ISO/IEC 27001 is currently progressing through the standards process and on publication, the International Accreditation Forum (IAF) will publish its transition requirements.

The 27k1 ISMS software provides full risk management, total control of management review meetings, internal audits and nonconformities, the whole being accompanied by dashboard style reporting.