Welcome to The GRC Lab, a weekly newsletter where I provide actionable advice to help you launch, grow and accelerate your career in Governance, Risk and Compliance
Today at a Glance
Updates to the ISO 27000 Series
New Podcast Episode
I am excited to share that I have been a guest on the GRC Academy Podcast by Jacob Hill. We were, of course, talking about ISO 27001, discussing the history and origin of the standard, implementation guidance and the overall certification process. If you are in the Defense Industrial Base (DIB) and need to comply with CMMC, you should definitely check out his content and training.
Updates to the ISO 27000 Series
With more than 100 individual standards, the ISO 27000 series is a treasure trove for GRC professionals. Following the latest revision of ISO/IEC 27001 in 2022, numerous standards in the series have already received, or are currently undergoing, updates to bring them back into alignment with it.
Here is a look at some upcoming updates:
ISO 27000: The foundation of the ISO 27000 family of standards. Expect updates to the terms and definitions provided.
ISO 27003: Focused on ISMS implementation guidance, ISO 27003 must be updated due to the changes made to clauses 4 to 10 of ISO/IEC 27001.
ISO 27008: This document provides guidance on reviewing and assessing the implementation and operation of information security controls. We will hopefully see a more comprehensive approach to assessing compliance with the controls of Annex A. In my opinion, a much-needed update.
ISO 27017: Aimed at providing guidance on the information security aspects of cloud services, ISO 27017 updates will address the unique challenges and security risks associated with cloud computing.
ISO 27018: This standard provides a code of practice for protecting personally identifiable information (PII) in public clouds acting as PII processors. The updates will reflect the changes made to Annex A of ISO 27001.
ISO 27019: Dedicated to the energy sector, the upcoming update will likely focus on aligning the standard with the latest developments in energy-related technologies.
ISO 27031: The standard for ICT readiness for business continuity will see updates to help organizations better prepare for, respond to, and recover from disruptive incidents involving ICT.
ISO 27701: This standard can be implemented as an extension to ISO/IEC 27001, to establish a Privacy Information Management System (PIMS). The update is necessary due to the changes made to Annex A.
If you want to learn more about the ISO 27000 series, you might enjoy the following video, which explains the relationships between the standards in the series.
ISO 27001 Starter Kit
I am also excited to announce that my ISO 27001 Starter Kit has received a significant update. The project plan now features over 300 tasks, making it far more comprehensive than the previous version, which had just over 100 tasks.