Updates to the ISO 27000 Series, you don't want to miss!

Written by

Aron Lange

Published

May 7, 2024

Updates to the ISO 27000 Series

With more than 100 individual standards, the ISO 27000 series is a treasure trove for GRC professionals. Following the latest revision of ISO/IEC 27001 in 2022, numerous standards have already received or are currently undergoing updates to enhance alignment.

Here is a look at some upcoming updates:

  • ISO 27000: The foundation of the ISO 27000 family of standards. Expect updates to the terms and definitions provided.

  • ISO 27003: Focused on ISMS implementation guidance, ISO 27003 must be updated due to the changes made to clauses 4 to 10 of ISO/IEC 27001.

  • ISO 27008: This document provides guidance on reviewing and assessing the implementation and operation of information security controls. We will hopefully see a more comprehensive approach in terms of how to assess compliance with the controls of Annex A. In my opinion, a much-needed update.

  • ISO 27017: Aimed at providing guidance on the information security aspects of cloud services, ISO 27017 updates will address the unique challenges and security risks associated with cloud computing.

  • ISO 27018: This standard provides a code of practice for protecting personally identifiable information (PII) in public clouds acting as PII processors. The updates will reflect the changes made to Annex A of ISO 27001.

  • ISO 27019: Dedicated to the energy sector, the upcoming update will likely focus on aligning the standard with the latest developments in energy-related technologies.

  • ISO 27031: The standard for ICT readiness for business continuity will see updates to help organizations better prepare for, respond to, and recover from disruptive incidents involving ICT.

  • ISO 27701: This standard can be implemented as an extension to ISO/IEC 27001 to establish a Privacy Information Management System (PIMS). The update is necessary due to the changes made to Annex A.

If you want to learn more about the ISO 27000 series, you might enjoy the following video, explaining the relationships between the included standards.

A broad selection of courses

Take one of our GRC courses and build impactful skills to advance your career.
