ISO 27001:2022 Frequently Asked Questions

What is ISO 27001:2022?

  • ISO 27001:2022 is the most current version of ISO 27001. The 2022 version includes updated Annex A controls, minor updates to the clause language, twelve new controls, and modernized existing controls.

What is different about ISO 27001:2022 compared to the previous version?

  • Controls are grouped into four themes:
    • People (8 controls)
    • Organizational (37 controls)
    • Technological (34 controls)
    • Physical (14 controls)
  • New controls include:
    • Threat intelligence
    • Identity management
    • Information security for the use of cloud services
    • ICT readiness for business continuity
    • Physical security monitoring
    • Configuration management
    • Information deletion
    • Data masking
    • Data leakage prevention
    • Monitoring activities
    • Web filtering
    • Secure coding

If my company is certified under ISO 27001:2013, when will I have to comply with the newest version?

  • There is a 36-month transition window, beginning on November 1, 2022, to make the change. If you are in the early stages of working toward ISO 27001, implementing the new version is recommended.

If my company uses the updated Vanta documents that comply with ISO 27001:2022, will I still be certified for ISO 27001:2022?

  • Yes

As a Vanta customer, we have paid for ISO 27001:2013. Will we also need to purchase ISO 27001:2022?

  • No, existing customers using Vanta for ISO 27001:2013 get free access to the 2022 version. Current ISO 27001:2013 customers will see both the ISO 27001:2013 and ISO 27001:2022 standards on their Compliance page.

What will Vanta automate?

  • Templates for documents and policies
  • Automated tests