The ISO/IEC 27001:2022 standard outlines the requirements for establishing, implementing, maintaining, and continually improving an Information Security Management System (ISMS).
Baker Tilly Kuwait offers ISO 27001:2022 consulting services to help businesses achieve certification under this standard.
Why Pursue ISO/IEC 27001:2022 Certification?
This international standard defines a framework for preserving the confidentiality, integrity, and availability of information through a risk-based management process. Achieving ISO 27001:2022 certification gives stakeholders independent assurance that an organization manages its information security risks systematically.
What is the Role of Certification Bodies?
ISO/IEC 27001:2022 certification bodies are responsible for auditing and verifying organizations’ ISMS compliance with the standard’s requirements. Baker Tilly Kuwait provides consulting services to help organizations meet these requirements and prepare for the certification process.
Certification Process Overview
- Stage 1 Audit: Auditors review the ISMS design and documentation (scope, risk assessment, Statement of Applicability, policies) and confirm readiness for Stage 2.
- Stage 2 Audit (Certification Audit): This audit tests whether the implemented controls operate effectively. The certification body makes the final certification decision.
- Surveillance Audits: Conducted at least annually after certification to confirm ongoing compliance. The certificate is valid for three years, after which a recertification audit is required.
Note: Accreditation rules for certification bodies (ISO/IEC 17021-1) prohibit a certification body from providing consulting or advisory services to a client it certifies. Consulting and certification must therefore come from separate, independent organizations.
Regulatory Requirements
According to the Central Bank of Kuwait’s circular dated July 11, 2019, all banks in Kuwait must obtain ISO 27001 certification from an accredited certification body by December 31, 2020, and maintain its validity thereafter.
Baker Tilly Kuwait’s Consulting Role
Baker Tilly Kuwait employs IRCA-certified ISO 27001:2022 Lead Auditors to assist organizations in qualifying for certification. Our consulting services include:
- Gap analysis
- Developing ISMS manuals
- Training sessions
- Implementation Supervision
- Internal audits
- Technical support during certification
If an organization does not have its own internal auditors, Baker Tilly Kuwait can provide the ISMS internal audit function as an external resource.
Important Note: Baker Tilly does not issue ISO/IEC 27001:2022 certifications.
What Are the New Requirements and Controls in ISO 27001:2022?
New Requirements in ISO/IEC 27001:2022
Several clauses were reworded or reordered in ISO/IEC 27001:2022. There are few genuinely new requirements in clauses 4-10; however, the change in clause 4.4 will significantly affect how an organization manages its ISMS. The changes include:
- Clause 3 – added links to the ISO Online Browsing Platform and the IEC Electropedia terminology databases.
- Clause 4.2(c) – added a requirement to determine which interested-party requirements will be addressed through the ISMS.
- Clause 4.4 – added a requirement to establish, implement, maintain, and continually improve the ISMS, including the processes needed and their interactions.
- Clause 5.1 – added a Note clarifying that “business” is to be interpreted broadly as the activities core to the organization’s purpose.
- Clause 6.3 – added a new section, “Planning of Changes”, requiring changes to the ISMS to be carried out in a planned manner.
New Controls in ISO/IEC 27001:2022
- ISO/IEC 27001:2022 Annex A now lists 93 controls, compared with 114 controls in ISO/IEC 27001:2013, and groups them into four themes: organizational, people, physical, and technological.
- 11 new controls were introduced in the 2022 version: threat intelligence, information security for use of cloud services, ICT readiness for business continuity, physical security monitoring, configuration management, information deletion, data masking, data leakage prevention, monitoring activities, web filtering, and secure coding.
- 56 controls from ISO/IEC 27001:2013 have been merged into 24 controls in ISO/IEC 27001:2022.
Overall, many of the remaining controls have undergone some form of text change, so an existing Statement of Applicability must be re-mapped to the new control set rather than simply renumbered. Organizations certified against the 2013 edition must complete the transition to the 2022 edition by October 31, 2025, the end of the transition period set by the International Accreditation Forum.
Benefits of ISO/IEC 27001:2022 Certification
Achieving ISO 27001:2022 certification provides several advantages, including:
- Demonstrating commitment to security practices, enhancing your organization’s reputation.
- Opening new business opportunities backed by credible security claims.
- Ensuring compliance with regulatory and legal requirements.
- Distinguishing your organization from competitors in the market.
Why Baker Tilly?
Choosing Baker Tilly Kuwait for your ISO 27001:2022 consulting needs means partnering with a team of experienced professionals dedicated to your success. We prioritize your organization’s goals and work collaboratively to ensure a smooth certification process. With Baker Tilly, you gain a trusted ally in navigating the complexities of ISO 27001:2022, empowering you to enhance your security posture and achieve compliance with confidence.