
Preparing for ISO 27001:2023 — A Practical Guide

Step-by-step framework for adapting to the latest ISO standard updates.

Sarah Chen
Head of Compliance · February 28, 2026 · 9 min read

ISO 27001:2023 reorganizes Annex A into four themes: Organizational, People, Physical, Technological. The structure is cleaner. The work to adapt is real.

What actually changed

  • The control set drops from 114 to 93 — through merging, not removal.
  • Eleven new controls cover threat intelligence, cloud services, ICT readiness, and secure coding.
  • The thematic grouping changes how you map and report, even when the underlying control is unchanged.

A practical migration path

Map your existing 2013 control language to the 2022/2023 themes first. Most teams discover 80% of the work is re-tagging, not re-implementing. Tackle the eleven new controls in a second pass — they are the genuine net-new effort.
