Amendment 1 to ISO/IEC 27001:2022 (AMD 1:2024) is auditable from May 2024 and marks a significant evolution in integrating sustainability alongside organizational security. The International Organization for Standardization (ISO) published the amendment on February 23, 2024. It affects sections 4.1, Understanding the organization and its context, and 4.2, Understanding the needs and expectations of interested parties.
Below, we look at what this amendment entails and how to implement it effectively within organizations:
What is it about?
Amendment 1 to ISO/IEC 27001:2022 (AMD 1:2024) highlights the growing link between organizational security and climate change. An Information Security Management System (ISMS) based on this standard can be a powerful ally in the fight against climate change. Implementing security measures not only protects an organization’s data but also contributes to a greater purpose, such as environmental sustainability.
Specific Changes in the Amendment
Determine the Relevance of Climate Change
- The organization must assess whether climate change is a relevant issue for its operations and information security. This analysis should be part of the organization’s context.
Consider Stakeholder Requirements Related to Climate Change
- A note has been added indicating that relevant stakeholders may have specific requirements related to climate change. It is essential to identify and consider these requirements within the ISMS.
How to Implement Changes to Comply with the New Amendment?
Implementing the amendment involves adopting specific measures. Here are three key actions to make this amendment effective:
- Review Suppliers and Services:
  - Evaluate whether the organization’s suppliers are including Green Tech information and seals in their services (IaaS, PaaS, SaaS).
- Implement Policies for Secure and Sustainable Equipment Disposal:
  - An effective option is to give equipment a second life through reuse by employees or external parties.
- Promote Remote Work:
  - Remote work reduces commuting, lowering the carbon footprint associated with fossil fuel usage. Promoting remote work policies within organizations contributes to the fight against climate change.
Benefits of Implementing the Amendment
As sustainability is increasingly demanded, organizations that successfully implement these changes in their activities will be better positioned in the future. Adopting these measures not only complies with new security requirements but also demonstrates a commitment to environmental sustainability.
Implementing Amendment 1 to ISO/IEC 27001:2022 (AMD 1:2024) is crucial to maintaining the relevance and effectiveness of your ISMS in the face of climate change challenges. Follow these steps to ensure smooth integration and compliance with international information security standards.