Information security based on the new ISO 27001
4. June 2024

Information security based on the new ISO 27001 certification

The importance of information security in today’s digital world is undisputed.
Companies are constantly facing new challenges when it comes to protecting their data from threats such as cyberattacks, data leaks and unauthorized access.
ISO 27001, a globally recognized standard for information security management systems (ISMS), plays a central role in ensuring that companies protect their sensitive data in a systematic and effective way.
With the publication of the new ISO 27001 version, a lot has changed.
Companies that are already certified to this standard have until October 2025 to upgrade their certificates to the updated version.
For companies that want to maintain their certification or become newly certified, this means that they must implement the new requirements in good time.
In this blog post, we take a detailed look at the key changes to ISO 27001, what steps organizations should take now and how Syngenity® GmbH can help manage the transition to the new certification.

The most important changes in the new ISO 27001 version

One of the biggest changes in the updated ISO 27001 concerns Annex A, which describes a series of security measures that companies must implement as part of their ISMS.
While the previous version of the standard included 114 measures, this number has been reduced to 93.
This has been achieved by merging measures to avoid redundancy and to make the standard simpler and clearer.
At the same time, 11 new security measures have been introduced, reflecting the increasing threats and technological changes in the digital world. Here are some of the new measures that are particularly relevant for companies:

  1. Threat intelligence: Companies must now take proactive measures to detect threats at an early stage.
    This includes collecting and analyzing threat information in order to identify possible attack scenarios and develop preventive measures.
  2. Cloud security: In view of the growing use of cloud services, cloud security has been included in the standard.
    Companies must ensure that the cloud services they use are secure and meet the requirements of ISO 27001.
  3. ICT readiness: This measure emphasizes the need to integrate IT and communication technologies into business continuity management in order to be quickly operational again in the event of incidents.
  4. Data masking: To protect sensitive data, companies must ensure that data is masked when it is processed, transferred or tested.
  5. Data Leakage Prevention (DLP): The prevention of data leaks is another important topic in the new version.
    Companies must take measures to prevent the outflow of sensitive data.

In addition to these new measures, the updated version of ISO 27001 has also formulated existing requirements more clearly and brought them up to date.
For example, the importance of secure software development has been emphasized in order to minimize vulnerabilities in applications.

Conversion to the new ISO 27001 version: What do companies need to consider?

For companies that are already certified to the old version of ISO 27001, the transition to the new version is unavoidable.
The deadline for the changeover is October 2025, which gives companies enough time to make the necessary adjustments.
Nevertheless, it is advisable to start planning and implementing the new requirements at an early stage to ensure a smooth transition. The changeover to the new ISO 27001 version can take place in several steps:

  1. Gap analysis: Companies should carry out a detailed analysis of their existing ISMS structure to determine which gaps exist in comparison to the new requirements.
    This can either be carried out internally or accompanied by external consultants.
  2. Adaptation of security measures: Based on the gap analysis, companies need to revise their security measures.
    Particular attention should be paid to new measures such as cloud security or threat intelligence.
  3. Employee training: As information security is not only a technical challenge, but also an organizational one, it is important that all employees are informed and trained about the new requirements and measures.
  4. Audit preparation: As soon as the new requirements have been implemented, companies must prepare for the external certification audit.
    It can be helpful to carry out an internal audit in advance to ensure that all requirements are met.
  5. Certification: The final step is the certification audit carried out by an independent, accredited certification body.
    If the company meets all the requirements, the new certificate is issued.

Support from Syngenity® GmbH

Converting to the new ISO 27001 version can be a challenge for companies, especially if they do not have the internal resources or expertise to manage the process independently.
This is where Syngenity® GmbH comes in.
As experts in information security and ISO certifications, we offer comprehensive support in implementing the new requirements. Our services include:

  • Gap analysis: We help you to identify the gaps between your current ISMS structure and the new requirements of ISO 27001.
  • Consulting and implementation: We support you in the development and implementation of security measures that comply with the new standards.
  • Training: We train your employees in the new requirements and ensure that they have the necessary knowledge and skills to effectively support information security in the company.
  • Audit preparation: We prepare you for the certification audit and ensure that you meet all requirements.

Conclusion

The new version of ISO 27001 brings significant changes and new requirements that companies must implement by October 2025.
Timely and careful planning is crucial to ensure a smooth transition to the new version.
Companies that successfully implement the new ISO 27001 measures will not only strengthen their information security, but also increase their resilience to future threats.
If you need support with the transition to the new ISO 27001 version, Syngenity® GmbH is here to help.
Contact us today at www.syngenity.de to receive a no-obligation quote and ensure your organization meets the new requirements on time.