What is ISO 27001:2022?
ISO 27001:2022 is the most current version of ISO 27001. The 2022 version includes updated Annex A controls, minor updates to the clause language, twelve new controls, and modernized controls.
What is different about ISO 27001:2022 from the previous version?
Controls are grouped by:
People (8 controls)
Organizational (37 controls)
Technological (34 controls)
Physical (14 controls)
New controls include:
Threat intelligence
Identity management
Information security for the use of cloud services
ICT readiness for business continuity
Physical security monitoring
Configuration management
Information deletion
Data masking
Data leakage prevention
Monitoring activities
Web filtering
Secure coding
If my company is certified under ISO 27001:2013, when will I have to comply with the newest version?
Beginning on November 1, 2022, there is a 36-month window to make the change. Implementing the new version is recommended if you are in the early stages of working toward ISO 27001.
If my company uses the updated Vanta documents that comply with 27001:2022, will I still be certified for ISO 27001:2022?
Yes.
As a Vanta customer, we have paid for ISO 27001:2013. Will we also need to purchase ISO 27001:2022?
No, existing customers using Vanta for ISO 27001:2013 get free access to the 2022 version. Current ISO 27001:2013 customers will see both the ISO 27001:2013 and ISO 27001:2022 standards on their Compliance page.
What will Vanta automate?
Templates for documents and policies
Automated tests