PSP's Journey For ISO 27001:2022

In December 2023, we began our ISO journey to validate current processes and reassure our clients. This covered the refinement and updates to existing policies, procedures and work instructions to meet the new standard ISO 27001:2022.

We are currently in the embedding phase of our journey where all our staff have received our revised policies, procedures and work instructions including training and best practice. We are completing internal audits before going for external validation.  

To ensure our development team remains ahead of the curve, all developers attended a secure development course, which included proactive OWASP controls and covered GDPR and the current threat landscape. 

What is ISO 27001:2022? 

ISO 27001:2022 is the updated standard for Information Security Management Systems (ISMS), replacing the 2013 version. It provides a framework to safeguard sensitive information by ensuring its confidentiality, integrity and availability through a systematic risk management approach. The standard applies to businesses of all sizes and industries, incorporating updated requirements to address modern cybersecurity threats and aligning with ISO 27002:2022. 

The standard adopts a risk-based approach, requiring businesses to identify, assess and mitigate risks relevant to their operational context. It promotes continuous improvement by integrating information security into broader business processes, meeting stakeholder and regulatory expectations. 

Annex A: Control Categories 

Annex A of ISO 27001:2022 includes 93 controls, streamlined from 114 in the 2013 version, reorganised into four overarching themes: 

  1. Organisational (37 Controls):

  • Policies, roles, responsibilities and risk management.

  • Topics include supply chain security, threat intelligence, business continuity and compliance.

  • New controls: Threat intelligence, information security for cloud services and ICT readiness for business continuity.

  2. People (8 Controls):

  • Focuses on human resources and reducing risks through training and awareness.

  • Includes security roles, user access and awareness programmes.

  3. Physical (14 Controls):

  • Addresses securing physical premises, preventing unauthorised access and protecting equipment.

  4. Technological (34 Controls):

  • Covers technical measures such as encryption, network security, access control and vulnerability management.

  • New controls: Endpoint security, data masking and web filtering.

ISO 27001:2022 reflects current security challenges and equips businesses with a robust framework for managing risks, fostering trust and ensuring resilience in a connected world. Certification demonstrates a strong commitment to information security excellence. 

Since 2008, we have always been at the forefront of strategic digital transformation and committed ourselves to not just being service providers, but more importantly, strategic partners committed to the success of our clients. Would you like more information on the outsourced IT roles we supply? Discover our vast digital transformation portfolio here or contact one of our in-house experts today to discuss your exacting requirements.

29th January 2025