Today, after much anticipation, ISO announced that ISO/IEC 27001:2022 has officially been published. Ever since ISO/IEC 27002:2022 was published in February of this year, the industry has waited for this—that includes Schellman.

If you’ve ever been in a car with someone who takes a speedbump anywhere above 10mph, at the time, you’ve probably thought, “didn’t you see that coming?!” Or maybe, “why didn’t they avoid that giant bump in the road?”

Ever seen those jugglers that manage to balance multiple spinning plates at the same time? As impressive as it is, you figure you’d be happy to spin just the one plate successfully. For cloud service providers (CSPs), you have lots of different proverbial compliance “plates” to choose to channel your effort into—the trick is knowing the differences and which is best for you.

Famed baseball player and possessor of a great name, Yogi Berra, once said, “When you come to a fork in the road, take it.”

ISO certifications in general have become popular tools used to demonstrate an organization’s compliance with certain standards. While ISO 27001 itself can give your customers quite a lot of reassurance, there’s also something to be said about combining it with ISO 9001 certification.

The below blog, originally dated January 26, 2023, has now been updated as the cited IAF MD 26 was updated on February 15, 2023. IAF MD 26 Issue 2 resulted in the following main changes that are now also detailed further within this article (ordered in terms of importance)

When making decisions about the kind of compliance your organization needs, the process can be akin to creating an ice cream sundae (albeit, less fun).

They say, “X marks the spot,” but in compliance, that’s not always a good thing.