Enhancing Information Security: Our Smooth Transition

ISO/IEC 27001 provides a framework for managing sensitive information and protecting it from risks like cyberattacks, data breaches and misuse. We have been accredited with ISO 27001:2013 since 2018, and this year we decided to transition to the updated ISO 27001:2022 edition.

The new version reorganises the controls, reducing them from 114 to 93, with additional focus on cloud security, threat intelligence and data privacy. To ensure a smooth transition, we engaged a consultant who helped us perform a gap analysis. While many of our existing controls were strong, we identified areas for improvement, particularly in cloud security, and integrated the new controls into our Information Security Management System (ISMS) framework.

Our team collaborated closely with the consultant, updating our Statement of Applicability (SOA) and security policies, while also providing tailored ISMS Awareness training for staff. These efforts not only ensured compliance but also fostered a stronger culture of security across UEMS.

In addition, we trained selected staff from various departments to conduct internal audits, enhancing our ability to maintain effective security practices. With the consultant’s support, we ensured a seamless transition, updating our documentation and preparing for the full ISO 27001:2022 transition in 2024.
