---
name: ISO 27001
authority: iso
jurisdiction: International
type: standard
status: active
enacted: 2022-10-25
effective: 2022-10-25
official_url: https://www.iso.org/standard/27001
last_verified: 2026-03-25
---

## Timeline

| Milestone | Date | Notes |
|-----------|------|-------|
| Published | 2022-10-25 | ISO/IEC 27001:2022 released |
| Transition deadline | 2025-10-31 | Organizations must transition from 2013 version |

---

## Information Security Controls (Annex A)

| Property | Value |
|----------|-------|
| Obligation | access-control |
| Sections | Annex A.5-A.8 |
| Status | active |
| Effective | 2022-10-25 |
| Verified | 2026-03-25 |
| Checked | 2026-03-25 |

### Requirements

| Requirement | Details |
|-------------|---------|
| Access control policy | Define and enforce access control rules |
| User access management | Formal registration and de-registration |

### Talking Point

> "ISO 27001:2022 restructured Annex A controls into **4 themes** (organizational, people, physical, technological) with **93 controls** replacing the previous 114."

### Sources

- [ISO 27001:2022](https://www.iso.org/standard/27001)

---

## Data Quality Requirements (Clause 7.5)

| Property | Value |
|----------|-------|
| Obligation | data-quality |
| Sections | Clause 7.5 |
| Status | active |
| Effective | 2022-10-25 |
| Verified | 2026-03-25 |
| Checked | 2026-03-25 |

### Requirements

| Requirement | Details |
|-------------|---------|
| Documented information | Maintain quality and integrity of ISMS documentation |
| Information classification | Classify information according to sensitivity |

### Talking Point

> "Clause 7.5 requires organizations to ensure documented information is **available, suitable, and adequately protected** throughout its lifecycle."

### Sources

- [ISO 27001:2022](https://www.iso.org/standard/27001)