As a result of an ever-changing global digital landscape and evolving cyber threats, cybercrime is growing more severe and sophisticated. To address this evolution and better tackle cybersecurity challenges, the International Organization for Standardization (“ISO”) has updated the ISO/IEC 27001 Information Security Management and ISO/IEC 27002 Controls for Information Security. An enhanced scheme, ISO/IEC 27001:2022, has now been introduced, with a structured implementation timeline starting in end-2022 and continuing through 2025.
This flyer summarises the changes in the enhanced 27001:2022 scheme compared with 27001:2013 and highlights the requirements and estimated timeline for 27001:2022 certification for those companies seeking certification for the first time or for currently certified companies. It also details how KPMG can help organisations in areas such as scoping, gap assessment, risk assessment/mediation, and pre-certification/certification with relation to the new scheme.
Henry Shek
Partner, Management Consulting
KPMG China
Brian Cheung
Partner, Management Consulting
KPMG China
Lanis Lam
Partner, Management Consulting
KPMG China
Connect with us
- Find office locations kpmg.findOfficeLocations
- kpmg.emailUs
- Social media @ KPMG kpmg.socialMedia