ISO 27001, the international standard for Information Security, has been revised and published in October 2022, meaning Language Service Providers using the standard should begin planning their transition to the new edition to ensure certificates remain valid.

What’s New in ISO 27001:2022

The core Information Security Management System framework in clause 4 to 10 has only had minor changes to better align to ISO’s high-level common clause structure.

This includes the addition of clause 6.3 planning for change, and a more process-based approach in clause 4.

However, the controls in Annex A have been reorganised to align with the new ISO 27002:2022 standard.

The control set has been revised down from 114 to 93 controls, and these are now distributed across just 4 categories:

  • Organisational Controls,
  • People Controls,
  • Physical Controls,
  • Technological Controls.

Many of the controls, 58 of them, remain in place with an update. However, the standard has merged 24 controls and added 11 new ones.

Of the new controls, language service providers are likely to benefit from a more practical approach to information security for use of cloud services (5.23), which addresses the acquisition, use, management and exit from cloud platforms.

There are also new controls covering web filtering, threat intelligence and monitoring which can provide valuable risk mitigation for language service providers utilising home workers.

Approach to ISO 27001:2022 Transition

As an impartial certification body we cannot provide advice or consultancy to help you implement the requirements of ISO 27001:2022.

Some organisations will engage the services of a consultant, while others may choose to implement the changes themselves. There is no preferred option.

As part of the certification process our auditors will look for objective evidence that the requirements of the standard have been met and controls remain effective.

ISO 27001:2022 Certification for Language Service Providers

As the language industry specialist certification body, ATC Certification’s auditors are competent and knowledgeable in both the ISO 27001:2022 standard and the languages industry.

We can provide impartial certification for organisations to ISO 27001:2022 through a two-stage audit and review process. Find out more.

Three-Year ISO 27001:2022 Certification Transition

If you are currently certified to ISO 27001:2013 your current ISO 27001:2013 Certificate will remain valid until its expiry date, however you will need to make the transition to the new 2022 version of the standard within the 3-year transition period which ends in October 2025.

It’s important to allow time before the deadline to enable you to resolve any non-conformities or other issues that may occur.

Contact Us to discuss your transition options.