Cybersecurity is a critical concern in today’s digital world. With the increased use of digital devices and increasing reliance on technology, cyber threats have also grown more sophisticated. Cybercriminals have more opportunities to exploit vulnerabilities and gain access to sensitive information, and the consequences of a breach can be devastating. Individuals and businesses must take proactive steps to improve their cybersecurity practices, and to develop and implement effective cybersecurity strategies that keep pace with the evolving nature of cyber threats.
What is ISO 27001 Information Security Management System?
ISO 27001 is a globally recognized standard for Information Security Management System (ISMS). It provides a systematic framework for managing and protecting sensitive information and data assets within an organization, regardless of its size or industry. The standard outlines a set of best practices for establishing, implementing, maintaining, and continually improving an ISMS to ensure the confidentiality, integrity, and availability of information.
An ISMS based on ISO 27001 includes policies, procedures, and controls that cover all aspects of information security. The standard requires organizations to conduct a thorough risk assessment to identify the potential threats, vulnerabilities, and impacts on their information assets, and then implement appropriate security controls to mitigate these risks.
What are the benefits of implementing ISO 27001 Information Security Management System?
Implementing an ISO 27001 Information Security Management System (ISMS) can provide a range of benefits to an organization. Some of the key benefits include:
- Improved security: Implementing an ISO 27001 ISMS ensures that an organization has a structured approach to managing information security risks. It helps identify potential security threats and vulnerabilities and provides a framework for addressing them. This can help an organization to better protect its information assets and reduce the risk of security breaches.
- Compliance: Implementing an ISO 27001 ISMS can help an organization to comply with legal, regulatory, and contractual requirements related to information security. This can help to avoid penalties or fines that may result from non-compliance.
- Competitive advantage: Certification to ISO 27001 can be used as a marketing tool, demonstrating to customers and stakeholders that an organization takes information security seriously. This can provide a competitive advantage in industries where information security is a key concern.
- Improved business processes: Implementing an ISO 27001 ISMS requires an organization to document its processes and procedures for managing information security. This can help to identify inefficiencies or gaps in existing processes, and lead to improvements that can benefit the overall business.
- Increased trust: Implementing an ISO 27001 ISMS can help to build trust with customers, partners, and other stakeholders. It demonstrates a commitment to protecting sensitive information and can help to establish a reputation as a reliable and trustworthy organization.
A key strength of ISO/IEC 27001 is its ability to keep pace in an ever-changing cyber world.
Changes to ISO 27001 Information Security Management System
Name revised on 15 February 2022 (published date):
ISO/IEC 27001:2022 – Information Security, Cybersecurity and Privacy Protection – Information Security Management Systems – Requirements.
As a result, ISO/IEC 27001 Annex A is updated to align with ISO/IEC 27002:2022’s controls.
The major changes in the 2022 edition of ISO/IEC 27001 are as follows:
- Update of Annex A of the Standard to reflect ISO/IEC 27002:2022, i.e., the control categories have been restructured and the total number of controls has been cut from 114 to 93
- 11 new controls
- 24 merged controls
- 58 updated controls
The controls have been restructured into 4 new categories, consolidated from the previous 14, as follows:
- People (8 controls): concerning individual people, such as remote working, screening, confidentiality, or non-disclosure agreements.
- Organisational (37 controls): concerning the organisation, such as policies for information, return of assets, information security for use of cloud services.
- Technological (34 controls): concerning technology, such as secure authentication, information deletion, data leakage prevention, or outsourced development.
- Physical (14 controls): concerning physical objects, such as storage media, equipment maintenance, physical security monitoring, or securing offices, rooms and facilities.
The 11 New Controls are:
- Threat intelligence
- Information security for use of cloud services
- ICT readiness for business continuity
- Physical security monitoring
- Monitoring activities
- Web filtering
- Secure coding
- Configuration management
- Information deletion
- Data masking
- Data leakage prevention
Transition requirements to ISO/IEC 27001:2022
(for existing ISO 27001:2013 certified clients)
As with other management system standards, the transition period is 3 years from the publication date of the ISO 27001:2022 standard, i.e., you must conform to the requirements of the revised Standard and complete the transition by the deadline of 25 October 2025.
To ensure smooth transitions with minimal disruption, you should consider the following key activities for the transition:
- Familiarize yourself with the 93 Controls in the revised ISO 27001:2022
- Roll out a training program for staff members involved in your ISMS operations
- Conduct gap analysis between your current system and the revised ISO 27001:2022 to help you better understand how your ISMS will be affected, and what will need to be adjusted to be compliant with the revised standard.
If you fail to transition by 25 October 2025, your existing ISO 27001:2013 certification will become invalid.
For more information regarding the revised Standard, especially the new controls, you are encouraged to attend our ISO 27001:2022 transition training course.
GICG is accredited by Singapore Accreditation Council (SAC) and Joint Accreditation System of Australia and New Zealand (JASANZ) to offer certification for this latest ISO/IEC 27001:2022 standard.
Whether you are ready to transition to this latest standard or a newcomer looking to be certified to it, we can swiftly provide certification to help you stay ahead and comply with the latest requirements.
Because it is a management system standard, it aligns with other globally recognized standards like ISO/IEC 27701 (privacy management), ISO 9001 (quality management) and ISO 22301 (business continuity).
This alignment allows you to implement the requirements of several of these standards within your organization with minimal effort while benefiting from the synergy effects.
Other cybersecurity services
Besides ISO/IEC 27001, GICG is authorized by the Infocomm Media Development Authority (IMDA) and the Cyber Security Agency of Singapore (CSA) for the following schemes to meet your data protection and cybersecurity needs:
IMDA: Data protection trust mark schemes.
CSA: Cyber essential mark, cyber essential mark for CMS and cyber trust mark
For more information on how GICG can help support you in your journey to cyber security:
We can support you whether you want a smooth transition to, or first certification against, ISO/IEC 27001:2022, or are looking to be certified for other schemes such as the data protection, cyber essential or cyber trust marks. GICG can provide one-stop solutions to meet your certification needs.
For more information about the article, you may contact:
Lydia Annie Ho
Marketing Manager
Email: lydiaannie.ho@gicgrp.com
Tel: +65 6742 3075
Tan Sim Bee
Certification Manager
Email: simbee.tan@gicgrp.com
Tel: +65 6742 3075