Session
The new update to ISO/IEC 27001 for 2020s
Most Information Security professionals have heard of the ISO/IEC 27000 series of documents, in particular 27001 and 27002. These documents are at the heart of defining an Information Security Management System of people, process, and technology to secure organizations. And many organizations are either assessed against it or maybe certified against it.
But frameworks are never static. We have certainly seen many of them updated, with the most recent updates of PCI-DSS (4.0.1), Critical Security Controls (8.1), NIST CSF 2.0 out in 2024 and the NIST Privacy Framework out in Q4 of 2025. There has been ongoing activity within the 27000 series both to add new documents to the series and to review and update existing documents.
In 2022 the main two documents in the series, 27001 and 27002, were updated, along with 27005. Updates of other documents have been coming out, with more on their way.
This 2022 update reorganizes the controls, merging several and adding new ones. Its organization of controls may be the biggest change, especially with the addition of various attributes for the controls. This will have a major impact on anyone pursuing ISO 27001 certification. And what further changes can we expect in the overall series?
At the end, participants will have a better understanding of the 2022 updates and what is coming for this series overall.
Overview and background
The main 27000 documents: 27001, 27002, 27005.
27002, new and old
What comes next for the series
Resources and further reading
Michael Brown
Security & Compliance Director
Tamarac, Florida, United States