Press Release

TÜV SÜD Delivers Training Program on Transition to ISO/IEC 27002: 2022 to Help Companies Meet New Challenges in Information Security

TÜV SÜD recently delivered a non-profit online training program on transition to the ISO/IEC 27002: 2022 to explain the differences between the 2022 and 2013 versions of the standard and answer questions from participants. This training is designed to help participants understand the new requirements of ISO/IEC 27002, a supporting standard for ISO/IEC 27001 Information Security Management System Standard (Appendix A) and prepare for the subsequent transition. It also provides internationally recognized guidance for organization to implement information security controls.

The ISO/IEC 27002:2022 - Information security, cybersecurity and privacy protection — Information security controls was  officially published on February 15, 2022. This new version not only adjusts security controls with additions, deletions and mergers, but also integrates the original 14 security control chapters into 4 theme categories and reduces the original 114 controls to 93 items. In addition, it introduces additional control requirements for cybersecurity and privacy protection. 


Major changes in New ISO/IEC 27002: 2022 

Though this new standard can help enterprises implement more effective information security controls, it puts forward higher requirements for them. To help them respond effectively to the new situation, Mr. Yin Bing, Senior Information Security Expert and ISO/IEC 27001, ISO/IEC 20000 Registered Auditor from TÜV SÜD, interpreted key changes in ISO/IEC 27002:2022 and its impact on the original information security management system. He also sorted out the document structure and analysed the control mapping relationships between the new version and the old version, aiming to help companies gain necessary new knowledge to deal with challenges in the new standard. 

Mr. Yin also gave 3 professional suggestions for organizations who have already implemented or will implement this information security management system (ISMS). First, make a plan for the implementation of new controls, including the revision of process documents; second, consider the application of control attributes and organizational views; third, follow up notification of certification bodies for ISO/IEC 27001 transition.

更多

LinkedIn WeChat WeChat

Site Selector