The revised standard for information security management systems was published in October 2022 by the international standards organisation. There are no major changes to the main text of the standard, but the significant change is to Annex A of the standard, which has been reorganised. The previous 114 controls which used to be grouped into 14 clauses have been reduced to 93 controls grouped into 4 topics. Eleven entirely new controls have been introduced, 24 controls have been derived from the merging of controls existing in the previous version, and 58 controls have been updated. The presentation of the control mechanisms has also been changed by dropping the description of ‘objective’.
Read our policy on certification to the new version of the standard here.