Resilience Compliance – ISO 27001:2022 – find out more with Databarracks
ISO 27001 is the most widely-recognised and implemented framework for organisational resilience. By working towards compliance, businesses can better protect their critical IT in a systematic and cost-effective way.
Since its original publication in 1995, ISO27001 has become the de facto standard for information security management system (ISMS). With guidance for companies of all sizes and across sectors, conformity with the standard signifies that an organisation has taken a considered approach to protecting the data they own or manage.
However, as the digital landscape continues to evolve — and potential threats grow day by day — safeguarding against potential threats can feel like an impossible task. To help businesses meet this challenge, the ISO standard is periodically reviewed to reflect the ever-changing responsibilities and avenues of attack that businesses face.
What’s new in ISO 27001:2022?
In a relatively small (but still significant) update from the previous version released in 2013, ISO 27001:2022 marked a shift in focus from information security to a broader approach.
Most notably, this included key provisions for cloud security, data protection and physical security. The main changes were:
- A new title, bringing cyber security and privacy into focus.
- Revisions to the IS Management System standard, with requirements for organisational context and change planning, as well as criteria for processes and relevant controls.
- Management review input to consider the changing needs and expectations of interested parties.
ISO 27001:2022 – new security controls
The latest standard included changes to the Security Controls in Annex A, which are now separated into four sections — People, Organisational, Technological and Physical.
While the number of total controls decreased from 114 to 93, there were 11 new additions:
- Threat Intelligence
- Information security for use of cloud services
- ICT readiness for business continuity
- Physical security monitoring
- Configuration management
- Information deletion
- Data masking
- Data leakage prevention
- Monitoring activities
- Web filtering
- Secure coding
How can Databarracks help you to achieve compliance?
The revisions to ISO 27001:2022 don’t signify a complete upheaval of the way we think about information security. Rather, they reflect the reality that modern business needs are constantly changing — a fact that we know well at Databarracks.
As an ISO 27001 certified service provider ourselves, we are well equipped to help organisations assess and offset their exposure to information security risks. When we first achieved compliance, our Co-Founder had this to say:
“Security has always been our watchword at Databarracks. ISO27001 has given us a security-based framework around which to identify, measure and control the risks within what is an extremely complex…. services environment.” Peter Groucutt, Databarracks Co-Founder
Information security for use of cloud services
Working with Databarracks gives businesses the flexibility to set specific requirements for cloud services. In turn, this enables them to better protect their information in the cloud.
- Comprehensive security assessments to identify and mitigate potential vulnerabilities and risks within your cloud environments
- Continuous security monitoring solutions, enabling real-time detection and response to emerging threats
- Deployment of a Cloud Governance Framework
ICT Readiness for Business Continuity
Databarracks can help you to protect your ICT against potential disruptions to ensure the confidentiality, integrity, and availability of information and assets.
- Technology to enable systems and service resilience and redundancy
- Risk-based planning, maintenance and testing for BC and DR plans
- Staff awareness and training
- DR Plans supporting BC lifecycle outputs
To learn how we can help you to achieve ISO 27001:2022 compliance, or for any other inquiries related to ensuring your IT resilience and continuity, contact us today.
You can also download our full ISO 27001:2022 datasheet here.