ISO 27000 Series Update for ISMS

webinar

Author(s)/Presenter(s):

Eric Hibbard

Samsung Semiconductor Inc.

Library Content Type

Presentation

Abstract

The ISO/IEC 27000-series standards provide an information security framework designed to assist organizations in managing cyber-attack risks and improving their information security practices. The series does this by setting out information security management system (ISMS) requirements and guidance, providing a systematic approach to risk management that focuses on people, processes, and technology. At the heart of this series is the ISO/IEC 27001 standard with its ISO/IEC 27002 companion, which are used internationally by organizations seeking to certify their ISMS. With the February 2022 publication of the third edition of ISO/IEC 27002, the stage has been set for a wave of changes for the ISO/IEC 27000-series that will also impact ISO/IEC 27001 certifications.

This session will highlight the changes in the third edition of ISO/IEC 27002 and explain the ramifications for the entire series, including anticipated timelines. The last such changes in 2013 had a significant impact on the security community, and early indications are that the new ISMS requirements and guidance are non-trivial changes.