Expert Articles

12. 1. 2026

New ISO/IEC 27701:2025 – Privacy information management systems – Requirements and guidelines

  • GDPR
  • ISO/IEC 27701
  • PIMS

In October 2025, the second edition of ISO/IEC 27701 – Information security, cybersecurity and privacy – Privacy information management systems – Requirements and guidance was published. The major change is that the new edition of ISO/IEC 27701 has been revised as a separate standard for management systems. The standard sets out the requirements for establishing, implementing,…

8. 12. 2025

A comprehensive approach to IACS cyber security according to ISA/IEC 62443

  • Cybersecurity
  • ISA/IEC 62443
  • PECB

The ISA/IEC 62443 series of standards represents the only globally consensus-based, comprehensive set of standards focused on Industrial Automation and Control Systems (IACS) security. This portfolio of standards and technical reports establishes a common vocabulary, risk model and control framework for industrial cybersecurity across industries. It addresses the entire security lifecycle of industrial systems, from initial…

7. 11. 2025

New ISO/IEC 27018 – Guidelines for the protection of personal data in public clouds acting as PII processors

  • Cloud
  • ISO/IEC 27001
  • ISO/IEC 27002
  • ISO/IEC 27018
  • Personal data protection

ISO recently published the second edition of ISO/IEC 27018 – Guidelines for the protection of personal data in public clouds acting as PII processors. ISO/IEC 27018 provides guidelines for the protection of personal data in public cloud services, in particular when the cloud service provider acts as a processor of personal data. This standard, based on…

29. 9. 2025

ICT continuity according to ISO/IEC 27031 in the context of NIS 2 and DORA

  • Business Continuity
  • DORA
  • ICT continuity
  • ISO/IEC 27031

In today’s digitally connected world, continuity of information and communication technologies (ICT) is crucial to the continuous operation of any organisation. Ensuring digital resilience is becoming a priority, underlined by new regulations such as NIS 2 and DORA, which place significant demands on entities. ISO/IEC 27031 provides valuable guidance for managing ICT readiness for business continuity (IRBC),…

15. 8. 2025

New ISO/IEC 27031:2025 – ICT readiness for business continuity has been released

  • Continuity
  • Cybersecurity
  • ICT
  • ISO 27031

In May 2025, an updated ISO/IEC 27031:2025 – Cybersecurity – Information and communication technology preparedness for business continuity was released. What is ISO/IEC 27031? ISO/IEC 27031 provides guidelines for ensuring information and communication technology (ICT) readiness to support business continuity. It establishes a framework for ICT preparedness that aligns with broader business continuity objectives and helps…
