Embracing the latest in cyber security:
an administrator’s guide to ISO 27001:2022
As a pensions administrator, we understand the importance of securing sensitive information and protecting our systems. With the ever-evolving landscape of cybersecurity threats, it’s vital for us to stay updated with the latest industry standards. The recent release of ISO 27001:2022 marks a significant step in this direction, offering a more relevant and harmonised approach to information security management. In this blog post, we’ll discuss the key changes in the updated standard and how administrators should be preparing for the transition.
The essential framework
ISO 27001 is an indispensable framework for the safe and secure operation of pensions administration, as it provides a comprehensive set of requirements for managing information and cyber security risks. Pensions administrators deal with sensitive and confidential data, such as the personal and financial information of members and their beneficiaries. Ensuring the highest level of data protection is crucial, as any unauthorised access to or misuse of this information could have devastating consequences, eroding trust in the pension system and causing long-lasting financial repercussions. By adopting ISO 27001, administrators can demonstrate their commitment to maintaining the highest standards of information and cyber security, mitigating risks, and assuring stakeholders that their data is safeguarded with the utmost care. It really is an essential standard that administrators should not be without.
Why is ISO 27001 changing?
The world has undergone significant transformations in recent years, which has in turn changed the threat landscape. As a result, ISO 27001 needed updating so that its controls and guidance are relevant to the current environment. Moreover, the cyber security industry has matured, and the new edition aligns more closely with established cyber security concepts. The harmonised structure now shared by all ISO management system standards (formerly known as Annex SL) gives the standard a simplified and consistent layout, ensuring that the management system is built on clearly defined processes.
Key Changes in ISO 27001:2022
The revised control set (Annex A of ISO 27001:2022, drawn from ISO/IEC 27002:2022) regroups the controls into four themes, Organisational, People, Physical and Technological, and tags each control with attributes. One of those attributes, cybersecurity concepts, uses the five functions Identify, Protect, Detect, Respond and Recover, the same five functions as the NIST Cybersecurity Framework. Tagging controls this way lets an organisation see how each control helps it manage cyber security risks to its systems, people, assets, data and capabilities, and which controls support its ability to limit or contain the impact of a cyber security event.
Furthermore, Annex A of ISO 27001:2022 includes 11 new controls (the overall count falls from 114 to 93, as many existing controls have been merged). The new controls, with their Annex A numbers and themes, are:
- A.5.7 Threat intelligence – Organisational
- A.5.23 Information security for use of cloud services – Organisational
- A.5.30 ICT readiness for business continuity – Organisational
- A.7.4 Physical security monitoring – Physical
- A.8.9 Configuration management – Technological
- A.8.10 Information deletion – Technological
- A.8.11 Data masking – Technological
- A.8.12 Data leakage prevention – Technological
- A.8.16 Monitoring activities – Technological
- A.8.23 Web filtering – Technological
- A.8.28 Secure coding – Technological
Our Path to Compliance
At the centre of any well-run administration service should be a commitment to clients and members to keep sensitive information secure and well managed. The updated ISO 27001:2022 standard sets out the requirements for a solid Information Security Management System that enables the effective management of information and cyber security risks in line with current working practices and cyber security concepts. By embracing these changes and the revised standard promptly, administrators can reaffirm their dedication to providing a secure and reliable service in the ever-evolving digital landscape.