This document provides an overview of the key changes between the 2013 and 2022 version of ISO 27001. New requirements are shown below. You will need to prepare for change and adapt your information security management system to meet the new requirements and transitional timelines. This document should be used in conjunction with the NQA Gap Analysis tool.
STRUCTURE OF ISO 27001:2022
The structure of ISO 27001:2022 follows the high level structure defined in Annex SL:
1. Scope
2. Normative references
3. Terms and definitions
4. Context of the organization
5. Leadership
6. Planning
7. Support
8. Operation
9. Performance evaluation
10. Improvement
Annex A
5. Organizational controls
6. People controls
7. Physical controls
8. Technological controls
