Changes in ISO 27001. There is a new 2023 version

On August 22, 2023, the Polish Committee for Standardization published a new version of the PN-EN ISO/IEC 27001:2023 standard, which replaced PN-EN ISO/IEC 27001:2017. Why is this change important for organizations?

Just one year after the publication of the ISO/IEC 27001 standard and the ISO/IEC 27002 guidelines (published in October 2022), the new PN-EN ISO/IEC 27001:2023-08 standard is now available. It withdraws PN-EN ISO/IEC 27001:2017.

In Poland, the ISO 27001 standard was introduced in 2007 as PN-ISO/IEC 27001:2007, replacing the Polish version of the British BS 7799-2 standard. Since then, it has been continuously updated to best align with market realities, technological advancements, and emerging threats.

The goal of the new standard is to promote a holistic approach to information security. A strong emphasis has been placed on integrating three areas: technology, people, and processes, with the argument that only in this way can the required level of security be ensured.

Why is the PN-EN ISO/IEC 27001 standard important?

As technology develops, the digital environment becomes increasingly complex, and ensuring information security is a major challenge for organizations. This is where the PN-EN ISO 27001 standard comes in, helping organizations effectively manage risk and protect sensitive data.

The new version of ISO 27001 promotes a holistic approach that emphasizes the integrity, confidentiality, and availability of data. It enables organizations to adapt to current cyber threats and build a secure data processing framework, taking into account both external and internal risks.

By implementing ISO/IEC 27001:2023-08, organizations gain confidence that the information they process is protected against threats such as cyberattacks, data theft, unauthorized access, or IT system failures.

Training on changes in ISO/IEC 27001:2023

For Polish organizations striving for effective risk management, the change in the standard means the need to adapt to new guidelines. The ISO/IEC 27001 update is an important step: it will provide tools that help protect data better and more effectively.

We encourage participation in training sessions. Our experts will present and discuss the changes, as well as prepare you for updating your information security management system.

Check the training program for ISMS (Information Security Management System).
