Key Changes in ISO/IEC 27002:2022

The draft version of ISO/IEC 27002:2022 has drawn attention all over the world, especially from people who work in information security. Let's look at the changes that are coming.
The changes were made principally to make implementation easier: the number of controls has decreased from 114 to 93, and they are now placed in 4 areas rather than the previous 14. There are 11 new controls; none of the controls has been deleted, and many controls were merged.

The Areas That Remain The Same

The main part of ISO 27001, i.e., Clauses 4 to 10, remains as before.
These clauses include:
  • Context of the organization: Interested Parties, Context, Scope
  • Leadership: Policy, Roles & Responsibilities
  • Planning and Operation: Risk Management
  • Support: Awareness, Communication, Document Control
  • Performance evaluation: Metric & Measurement, Internal Audit
  • Improvement: Corrective Action Plan
The update has been made to the security controls listed in ISO 27001 Annex A.
The controls that have remained the same, with their new control numbers,

Six changes in ISO/IEC 27002:2022

1. The Structure:

2. Number of controls

The new version has decreased the number of controls from 114 to 93.
Technological advances and a better understanding of how to apply security practices appear to be the reasons behind the change in the number of controls.

3. New Controls

The following controls have been introduced in the new version of the standard:
  1. Threat intelligence
  2. Information security for use of cloud services
  3. ICT readiness for business continuity
  4. Physical security monitoring
  5. Configuration management
  6. Information deletion
  7. Data masking
  8. Data leakage prevention
  9. Monitoring activities
  10. Web filtering
  11. Secure coding

4. Renamed Controls

For simplicity, twenty-three (23) controls have had their names changed.
e.g.
To get the complete list of controls which are renamed in ISO/IEC 27002:2022 for free, please send us a message 

5. Merged controls

To achieve more efficient security, fifty-seven (57) controls have been merged into twenty-four (24) controls, with each group treated as a single control.
e.g.
To get the complete list of controls which are merged in ISO/IEC 27002:2022 for free, please send us a message.

6. Split Controls

Only one control from ISO/IEC 27001:2013 has been split in ISO/IEC 27002:2022,

Conclusion

With the addition of eleven new controls in ISO/IEC 27002:2022, risk management and documentation will be the highest-priority activities for an organization.
This is where the new ISO 27002 will bring the most value: during the transition period, an organization will have many best practices to follow, as well as a new set of attributes to use to make control selection more straightforward and more effective.
Moreover, because ISO 27002 is very detailed, the organization still has the freedom to pick only what is appropriate for its environment, which will make this transition easier.

Know More

Refer to our webinar content to understand the changes and know more about the new controls.
 
You can also contact us for a pro bono discussion to learn more about how to implement these controls effectively in your environment, or for a cybersecurity assessment.

 
