Let's go through everything you need to know about Annex A 5.6 - Contact with Special Interest Groups and what this means for your organisation.
Mia Davis
Threats to your organisation’s privacy and security are continuously on the rise, and it is more vital than ever to ensure your organisation implements measures to combat them. ISO27001 is the standard that lays out the requirements for implementing an effective information security management system (ISMS) within your organisation. With the introduction of the 2022 version of the ISO27001 standard, these requirements have been recategorised and further clarified. Annex A 5.6 is about contact with special interest groups.
Special interest groups within the context of ISO27001 are external parties that focus on specific areas of information security and other related fields. These are groups of professionals, experts, and stakeholders that share a common interest in particular areas of information security and work to share knowledge, best practices, and trends in the industry.
Tracking these groups is important for several reasons. Special interest groups provide platforms for sharing knowledge, the latest research, and developments made in the field. In cyber security, this is particularly useful for staying on top of the latest threats and vulnerabilities and how they can be mitigated. These organisations often develop specific guidelines and recommendations that can help your business improve its cyber security posture and inform your approach to specific areas such as identifying and treating risks.
Some examples of the special interest groups related to your information security that you may want to track are:
Annex A 5.6 is all about contact with special interest groups and refers to your interactions with these specialist groups in the context of cyber security. This control aims to encourage organisations to engage with special interest groups to improve their knowledge of best practices and to stay up to date with the latest relevant security information. It also helps both parties - your organisation and the applicable special interest group - to benefit from any new ideas and knowledge that the other may have glossed over or missed. This control expects you and your business to demonstrate that you are engaging with these groups to enhance your ISMS and information security.
Monitoring and staying up to date with these special interest groups is crucial for your compliance with multiple standards and for improving your overall security based on the latest guidance and advice. One such example of this requirement features in the NHS DSP Toolkit (Data Security and Protection Toolkit), a self-assessment tool that must be completed by any organisation that wishes to access NHS data or systems, and which has multiple areas that benefit from interactions with special interest groups. For example, evidence item 7.1.4 requires evidence that threat reports are being proactively used to help prevent potential threats.
ISO27002 is a standard closely aligned with ISO27001, and is essentially guidance on how to effectively implement an ISMS to ISO27001 standards. We can compare the changes in the ISO27002 guidance for each control to concretely ascertain what has changed in the ISO27001 version of the control. In the 2013 standard, this control maps directly to A.6.1.4, contact with special interest groups, and very little has changed in its implementation guidance.
As with all controls in the updated 2022 guidelines, the purpose of the control is now stated within the standard. Fundamentally, this control is the same between both versions but with updated phrasing to streamline the control in the latest version.
Our security professionals have developed Harpe, a revolutionary tool to cover all your organisation’s security needs. Harpe is the best tool on the market to make compliance with important standards like Cyber Essentials and ISO27001 quick and hassle-free. Harpe features guidance for implementing ISO27001 to the updated 2022 standard with everything you need. Our in-app checklist takes you through every step to implement a robust and secure ISMS within the new requirements.
Harpe helps you to keep track of any interested parties and stakeholders, so you can log the processes that are relevant to them and any actions that may be required. We also help you assign responsibility for each authority or group, and keep track of their contact methods.
Harpe also allows you to add your ‘Targets’: organisations and services you’d like to keep track of. We’ll keep you informed of what’s going on with these organisations, reporting any potential threats straight to your Harpe feed.
With constant updates and fast support, there has never been a better time to chase an ISO27001:2022 certification with Harpe.