
Embracing the latest in cyber security: an administrator’s guide to ISO 27001:2022

Author: Claire Power, Risk & Compliance Manager
06 April 2023

As a pensions administrator, we understand the importance of securing sensitive information and protecting our systems. With the ever-evolving landscape of cybersecurity threats, it’s vital for us to stay updated with the latest industry standards. The recent release of ISO 27001:2022 marks a significant step in this direction, offering a more relevant and harmonised approach to information security management. In this blog post, we’ll discuss the key changes in the updated standard and how administrators should be preparing for the transition.

The essential framework

ISO 27001 is an indispensable framework for the safe and secure operation of pensions administration, as it provides a comprehensive set of guidelines for managing information and cyber security risks. Pensions administrators deal with sensitive and confidential data, such as the personal and financial information of members and their beneficiaries. Ensuring the highest level of data protection is crucial, as any unauthorised access or misuse of this information could lead to devastating consequences, eroding trust in the pension system and causing long-lasting financial repercussions. By adopting ISO 27001, administrators can demonstrate their commitment to maintaining the highest standards of information and cyber security, mitigating risks, and assuring stakeholders that their data is safeguarded with the utmost care. It really is an essential standard that administrators should not be without.

Why is ISO 27001 changing?

The world has undergone significant transformations in recent years, which has in turn impacted the threat landscape. As a result, there was a need to update ISO 27001 to ensure that the controls and guidance are more relevant to the current environment. Moreover, the cybersecurity industry has matured, leading to a greater alignment with cyber concepts. The new harmonised approach to ISO Management System Standards provides a simplified and consistent structure, ensuring that the system is based on clearly defined processes.

Key Changes in ISO 27001:2022

The revised standard introduces the five core cybersecurity framework functions of Identify, Protect, Detect, Respond, and Recover. These functions help organisations to manage cybersecurity risks to systems, people, assets, data, and capabilities. They also outline the appropriate controls to ensure the delivery of critical infrastructure services and support the ability to limit or contain the impact of a cybersecurity event.

Furthermore, ISO 27001:2022 includes 11 new controls that cover the following areas (with the control theme each belongs to):

  • Threat intelligence – Organisational
  • Information security for cloud services – Organisational
  • ICT readiness for business continuity – Organisational
  • Physical security monitoring – Physical
  • Configuration management – Technological
  • Information deletion – Technological
  • Data masking – Technological
  • Data leakage prevention – Technological
  • Monitoring activities – Technological
  • Web filtering – Technological
  • Secure coding – Technological

Our Path to Compliance

At the centre of any well-run administration service should be a commitment to clients and members to ensure that sensitive information is secure and well-managed. The updated ISO 27001:2022 standard ensures that a solid Information Security Management System is in place, one that enables the effective management of information and cybersecurity risks in line with current working practices and cyber concepts. By quickly embracing these changes and the revised standard, administrators can reaffirm their dedication to providing a secure and reliable service in the ever-evolving digital landscape.
