Does Sprinto support the ISO 27001:2022 version?

Yes, Sprinto supports the ISO 27001:2022 version. We make the process simple from start to finish. With Sprinto, you get a tool that streamlines everything and a team of experts who review your system. They’ll help you add new controls, track existing ones to ensure compliance and report any issues.

Do organizations need to relook at the ISO 27001 implementation process?

Yes, organizations should reexamine their ISO 27001 implementation process, especially with the updates introduced in ISO 27001:2022. While the changes from the 2013 version aren’t massive, they’re important enough to warrant attention. 

The good news is you don’t have to rush—there’s a three-year transition period to update your Information Security Management System (ISMS).

During the transition period to the new ISO 27001:2022 version, one area where your team might need to focus extra attention is the first control—threat intelligence.

This requirement is a key differentiator from earlier versions and other cybersecurity frameworks. It pushes organizations to recognize potential threats and precisely identify and understand them.

But waiting until the last minute might not be the best approach.

Why? Certification bodies may stop offering certifications for the older version well before the three-year deadline.

So it is wiser to begin making these changes now. They are often small, but they are needed to keep your ISMS fully compliant with the current standard and to maintain your certification.

Another step towards the change process is to reflect on the new controls detailed in Annex A. These are intended to help you sync your defense mechanisms with the current threats and standards.

Don’t simply run with these new controls – instead, compare these to the ones you may have already implemented for the 2013 version. By entering into this comparison, you will be better suited to revising your SoA and keeping your organization’s ISMS both contemporary and effective.

  • Review and update your risk treatment plan: Ensure it reflects the new controls in ISO 27001:2022.
  • Update your Statement of Applicability (SoA): New controls have been established; reflect these in your processes and modify your current controls where necessary.
  • Refresh your ISMS review process: Make sure it emphasizes continual improvement in accordance with the most up-to-date guidelines.
  • Revise your ISMS communication plan: Ensure everyone is notified of the changes and understands what is expected of them as a result.
  • Reevaluate your ISO objectives: Ensure they are relevant to your organization’s goals and set new standards.
