From evolving cybersecurity threats to ensuring data privacy and compliance, ISO/IEC 27001 provides a robust framework for organizations to establish an information security management system. By adhering to ISO/IEC 27001, companies can effectively manage risks, protect sensitive information, enhance customer trust, and demonstrate their commitment to data security in a rapidly evolving digital landscape.

What is ISO/IEC 27001 Information Security Management System?

Talk to our experts

SCS Contact

Main contact

certints@singnet.com.sg

ISO/IEC 27001 is the leading international standard focused on information security. It was published by the International Organization for Standardization (ISO) in partnership with the International Electrotechnical Commission (IEC). ISO/IEC 27001 provides a framework to help organizations of any size or industry to protect their information in a systematic and cost-effective way.

ISO/IEC 27001 aims to protect three aspects of information: 

  • Confidentiality – only authorized persons have the right to access information, 

  • Integrity – only authorized persons can change the information, 

  • Availability – information must be accessible to authorized persons whenever it is needed. 

Transition to ISO/IEC 27001:2022 

ISO/IEC 27001 has been updated: the new ISO/IEC 27001:2022 was published on 25 October 2022 and is set to replace ISO/IEC 27001:2013 by 31 October 2025. Certified organizations are given three years to transition from ISO/IEC 27001:2013 to ISO/IEC 27001:2022; by 31 October 2025, ISO/IEC 27001:2013 shall cease. The transition to ISO/IEC 27001:2022 can take place during surveillance, recertification or non-routine audits. If the organization fails to transition to ISO/IEC 27001:2022 by 31 October 2025, the certification is no longer valid, and the organization will be treated as a new client application for which an initial (stage 1 & 2) audit is required. In view of the changes from ISO/IEC 27001:2013 to ISO/IEC 27001:2022, additional time is required to verify the changes.

Main Changes to ISO/IEC 27001:2022

  • Changes to Annex A of ISO/IEC 27001:2013 to align with the updates of ISO/IEC 27002:2022, which was published earlier in 2022,
  • The changes to Annex A consist of changes to the number of controls and their listing in groups,

  • The number of controls has decreased from 114 to 93, as most of the controls have been merged or renamed,
  • The 93 controls have been restructured into four control groups or sections: organizational controls, people controls, physical controls, and technological controls,
  • Addition of 11 new controls: threat intelligence, information security for the use of cloud services, ICT readiness for business continuity, physical security monitoring, configuration management, information deletion, data masking, data leakage prevention, monitoring activities, web filtering and secure coding,

  • Additional new content added to clauses 4.2, 6.2, 6.3, 8.1 and 9.3,  
  • Minor changes to some of the terminology and restructuring of the sentences and clauses.  

Benefits of ISO/IEC 27001 Certification 

  • Protect the confidentiality of your information wherever it is, 

  • Increase your organization’s resilience to cyber attacks,  

  • Reduce information security costs, 

  • Respond to evolving security threats by constantly adapting to changes, 

  • Improve the organization’s culture, 

  • Demonstrate compliance with contractual obligations.

Our Expertise

Why get certified with SOCOTEC Certification Singapore?

Certification to ISO/IEC 27001 by SOCOTEC Certification Singapore demonstrates that your organization places emphasis on protecting your IT infrastructure and the security of your information. SOCOTEC Certification Singapore is an accredited certification body for ISO 22301 and is ready to support your certification journey. We have built up a good track record of adding value in delivering our services to you.

Would you like to know more about our Certification offers? Contact us
