Business Continuity Management in ISO 27002:2022
In February 2022, ISO 27002 "Information security, cybersecurity and privacy protection - Information security controls" was updated and replaces its predecessor from 2013 with the 2022 version. ISO 27002 is the guidance for implementing the requirements from ISO 27001 and consequently is not itself a certification standard. Certification continues to be based on the ISO 27001 standard. The title of the standard has been changed (formerly: "Information technology - Security techniques - Code of practice for information security controls"), the structure of the controls has been changed, for example by assigning attributes to the individual controls and controls have been merged, the descriptions updated and controls deleted. These changes will be included in the ISO 27001 update and will be mandatory for future ISO 27001 certifications. The following controls were added: Threat intelligence Information security for use of cloud services ICT readiness for business continuity Physical security monitoring [...]