Secure Controls Framework
Download The SCF
ISO 27001

How does ISO 27001:2022 differ from ISO 27001:2013?

Direct Answer

The primary change in ISO 27001:2022 was to Annex A, which was realigned with ISO 27002:2022. Annex A shrank from 114 controls in 14 domains to 93 controls in 4 themes: Organizational, People, Physical, and Technological. Eleven new controls were added covering threat intelligence, cloud security, data masking, and secure coding. The transition deadline for 2013 certifications was October 2025 - verify current status with your certification body.

Keep Exploring

Relevant Resources

References

Authoritative Sources