Nick Savage

How to Prepare for ISO 27001:2022

Dr Nick Savage – Head of Infrastructure, Security, and Compliance at Searchlight Cyber – provides an overview of the ISO 27001:2022 standard and how organizations can comply with the new threat intelligence requirements before the deadline in 2025.

What is ISO 27001:2022?

ISO 27001 is a standard for information security management systems (ISMS), designed to help organizations build resilience to cyberattacks, prepare for new threats, and maintain data confidentiality, integrity, and availability. Compliance with ISO 27001 demonstrates to third parties – whether they are customers, partners, or investors – that an organization has systems in place to manage risks related to data security.

ISO 27001:2022 is an update of the previous 2013 standard and organizations need to comply with the new requirements by the end of October 2025. While that may seem like a long time away, it really isn’t when you consider all of the work that goes into the process of compliance: introducing additional controls, introducing new policies and procedures to document how you fulfill those controls, and having enough time to evidence that you have met the controls.

In this blog I am going to provide a short overview of some of the new elements of ISO 27001:2022 and give some advice, based on my own experience, on how CISOs and compliance managers can approach this new standard.


Looking for a quick overview? You can also watch my video for a summary in less than five minutes.

What are the Biggest Changes in ISO 27001:2022?

There are a number of changes in the 2022 update of the ISO 27001 standard. These include some reformatting of controls that were already required in the 2013 version, but there are also some completely new thematic areas against which organizations will now need to demonstrate their compliance.

These additional requirements include (but are not limited to) data leak prevention, web filtering, business continuity of ICT systems, physical security monitoring, management of configuration changes, secure coding, and threat intelligence.

I’m going to focus on the threat intelligence requirement (Annex A, Control 5.7), which may be a completely new area for some organizations that don’t already have processes in place to collect and analyze information about threats.

What is meant by threat intelligence in the ISO 27001:2022 standard?

The ISO 27001:2022 standard has very particular wording around the threat intelligence requirements: organizations have to be able to demonstrate a process for “collecting” and “analyzing” threat intelligence.

This means that the organization has to understand:

  • Which threat actors could target their organization.
  • The threat models they need to apply to their systems.
  • The vulnerabilities that exist in their systems.
  • The exploits that exist and could be used against those vulnerabilities.

They need to demonstrate that they collect information associated with each of these points and that the organization is able to analyze that intelligence, building it into threat assessments.

What software do you need to gather threat intelligence?

The software an organization needs to gather the necessary information about threats falls into two categories:

    1. Software that enables them to gather intelligence on threat actors – to facilitate understanding of who the business’s adversaries are, what they are doing, their motivations, and their capabilities.
    2. Software that gives them visibility into the threats within their IT estate – to identify the vulnerabilities that exist and could be potentially exploited by the threat actors they have identified.

Ideally, an organization will have software that combines these two elements – that can map all of the IT estate, associate it with the vulnerabilities that exist, knowledge about how those vulnerabilities could be exploited, and intelligence on the threat actors who could attempt to exploit them. This is something that our dark web monitoring tool, DarkIQ, offers.
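The following is an added illustration (not code from the post or from DarkIQ) of what "collecting" and "analyzing" threat intelligence in the sense of Control 5.7 looks like in its simplest form: the four points listed above (actors, threat model, vulnerabilities, exploits) are joined against an asset inventory into a ranked threat assessment that records its reasons and timestamp, which is the kind of artefact an auditor can be shown. All asset names, vulnerability IDs, actor names and scoring weights are constructed placeholders.

```python
from datetime import datetime, timezone

# Constructed sample inputs (placeholders, not real findings). In practice these
# would be exported from an asset inventory, a vulnerability scanner and a TI feed.
ASSETS = {
    "vpn-gw-01": {"product": "ExampleVPN 4.1", "exposure": "internet"},
    "hr-db-02": {"product": "ExampleDB 12", "exposure": "internal"},
}
VULNS = [
    {"asset": "vpn-gw-01", "id": "VULN-0001", "cvss": 9.8},
    {"asset": "hr-db-02", "id": "VULN-0002", "cvss": 7.5},
    {"asset": "hr-db-02", "id": "VULN-0003", "cvss": 4.3},
]
INTEL = {
    "VULN-0001": {"exploit_public": True, "actors": ["ACTOR-A (targets our sector)"]},
    "VULN-0002": {"exploit_public": False, "actors": []},
}

# Weights for the analysis step: assumed values, tune to your own risk appetite.
W_EXPLOIT, W_ACTOR, W_INTERNET = 3.0, 2.0, 2.0


def analyze(vuln, asset, intel):
    """Score one finding and record why, so the risk decision is auditable."""
    score, reasons = vuln["cvss"], [f"CVSS {vuln['cvss']}"]
    if intel.get("exploit_public"):
        score += W_EXPLOIT
        reasons.append("public exploit available")
    if intel.get("actors"):
        score += W_ACTOR
        reasons.append("linked actors: " + ", ".join(intel["actors"]))
    if asset["exposure"] == "internet":
        score += W_INTERNET
        reasons.append("internet exposed")
    if not intel:
        reasons.append("no intel collected for this vulnerability")  # a collection gap
    return round(score, 1), reasons


def assess(assets, vulns, intel, now=None):
    """Join inventory, scan results and intel into a ranked threat assessment."""
    now = (now or datetime.now(timezone.utc)).isoformat()
    out = []
    for v in vulns:
        score, reasons = analyze(v, assets[v["asset"]], intel.get(v["id"], {}))
        out.append({"asset": v["asset"], "vuln": v["id"], "score": score,
                    "reasons": reasons, "assessed_at": now})
    return sorted(out, key=lambda r: r["score"], reverse=True)


if __name__ == "__main__":
    for r in assess(ASSETS, VULNS, INTEL):
        print(f"{r['score']:5.1f} {r['asset']:<10} {r['vuln']}  {'; '.join(r['reasons'])}")
```

The "no intel collected" reason is deliberate: an assessment that flags where collection has not happened is itself evidence that the process is being run, not just that a tool exists.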

How can Searchlight Cyber help with ISO 27001:2022?

One of the challenges of compliance is ensuring all of the policies, processes, and procedures are well documented and – critically – that the organization can evidence them. This is where a robust threat intelligence platform can have a great impact.

We used our product DarkIQ to demonstrate our compliance with the threat intelligence requirements of ISO 27001:2022. DarkIQ meets both the “collection” and “analysis” stipulations in an automated manner – continuously gathering threat intelligence, analyzing it, and presenting it to the end user in a non-technical format that makes it easy to make accurate and timely risk-based decisions.

This gave us the ability to demonstrate to the auditor that we are able to quickly identify threats that could impact our business. For example, DarkIQ would identify any staff credentials that are being sold or leaked, evidencing that we have the visibility we need to quickly take mitigative action against that risk.

DarkIQ also allowed us to show that we have full visibility of our IT infrastructure, all of the vulnerabilities that exist, and the known exploits that exist for those vulnerabilities – enabling us to take a risk-based approach to remediation.

Going Beyond Compliance

It is worth emphasizing that passing an audit should never be the end goal of implementing new security controls such as threat intelligence. Standards like ISO 27001:2022 provide a helpful framework and are important for ensuring a minimum level of security. However, all organizations should strive to implement controls that go beyond the “minimum” and truly have an impact in protecting their organization’s infrastructure, data, employees, customers, and partners. Meeting the new requirements for threat intelligence is a great first step.

GET IN TOUCH to find out more about DarkIQ and how our threat intelligence capabilities can help you meet – and surpass – compliance requirements.