The International Organization for Standardization ('ISO') announced, on 25 October 2022, that it had updated its standard ISO/IEC 27001:2022 Information security, cybersecurity and privacy protection ('ISO/IEC 27001'). In particular, ISO noted that ISO/IEC 27001 was updated to address global cybersecurity changes and improve digital trust. Moreover, the ISO/IEC 27001 provides that it has been prepared to provide requirements for establishing, implementing, maintaining, and continually improving an information security management system. In addition, the ISO/IEC 27001 includes requirements for the assessment and treatment of information security risks tailored to the needs of the organisation. Importantly, the ISO/IEC 27001 notes that the requirements set out in the document are generic and are intended to be applicable to all organisations, regardless of type, size, or nature.

Furthermore, the ISO highlighted that the ISO/IEC 27001 benefits organisations by:

• securing information in all forms, including paper-based, cloud-based, and digital data;
• increasing resilience to cyber attacks;
• providing a centrally managed framework that secures all information in one place;
• ensure organisation-wide protection, including against technology-based risks and other threats;
• responding to evolving security threats;
• reducing costs and spending on ineffective defence technology; and
• protecting the integrity, confidentiality, and availability of data.

You can read the press release here and access the ISO/IEC 27001 here.