[To download this poster, visit: https://www.oeconsulting.com.sg/training-presentations] ISO/IEC 27001:2022, the latest international standard in information security, equips organizations with a powerful framework for safeguarding their digital assets and sensitive data. Published as an updated and robust version of its predecessor, ISO/IEC 27001:2013, this standard provides organizations with a systematic approach to establishing, implementing, maintaining, and continually improving an Information Security Management System (ISMS). POSTER CONTENTS: 1. The Three Principles of Information Security (CIA Triad) - Confidentiality: Ensuring that information is accessible only to authorized users through encryption, access controls, and data classification. - Integrity: Maintaining data accuracy and trustworthiness while protecting it from unauthorized alterations. - Availability: Ensuring information and systems are accessible when needed, including measures to prevent disruptions. 2. ISO/IEC 27001:2022 Certification Transition Timeline - A visual roadmap for organizations transitioning from ISO/IEC 27001:2013 to ISO/IEC 27001:2022 by October 2025. - An alternate visual roadmap showing the main steps of the ISO/IEC 27001:2022 certification process. 3. The ISO/IEC 27001:2022 Approach is Based on the PDCA Cycle - Illustrates how ISO/IEC 27001:2022 follows the Plan-Do-Check-Act (PDCA) cycle, providing a systematic view of the framework. 4. The ISO/IEC 27001:2022 Key Clause Structure (4-10) Based on the High-Level Structure - Highlights the key clauses and sub-clauses of the ISMS based on the high-level structure. The ISO/IEC 27001:2022 Poster serves as a valuable tool in promoting information security awareness and understanding within your organization.

1. The ISO/IEC 27001:2022 Approach is Based on the
Plan-Do-Check-Act (PDCA) Cycle
ISO/IEC 27001:2022 Key Clause Structure (4-10)
ISO/IEC 27001:2022
Information Security Management System (ISMS)
© Operational Excellence Consulting. All rights reserved.
INFORMATION SECURITY MANAGEMENT SYSTEM
IMPLEMENT
& OPERATE
THE ISMS
ESTABLISH
ISMS
MAINTAIN
& IMPROVE
THE ISMS
MONITOR
& REVIEW
THE ISMS
Plan Do
Check
Act
INTERESTED
PARTIES
INFORMATION
SECURITY
REQUIREMENTS
&
EXPECTATIONS
INTERESTED
PARTIES
MANAGED
INFORMATION
SECURITY
PLAN DO CHECK ACT
4. Context of
the
organization
5. Leadership 6. Planning 7. Support 8. Operation 9. Performance
evaluation
10.
Improvement
4.1
Understanding
the organization
and its context
5.1 Leadership
and commitment
6.1 Actions to
address risks
and
opportunities
7.1 Resources 8.1 Operational
planning and
control
9.1 Monitoring,
measurement,
analysis and
evaluation
10.1
Nonconformity
and corrective
action
4.2
Understanding
the needs and
expectations of
interested
parties
5.2 Policy 6.2 Information
security
objectives and
planning to
achieve them
7.2 Competence 8.2 Information
security risk
assessment
9.2 Internal audit 10.2 Continual
improvement
4.3 Determining
the scope of the
ISMS
5.3
Organizational
roles,
responsibilities
and authorities
7.3 Awareness 8.3 Information
security risk
treatment
9.3
Management
review
4.4 Information
Security
Management
System
7.4
Communication
7.5 Documented
information
AVAILABILITY
Involves implementing
measures to prevent
and mitigate
disruptions, downtime,
or denial of service
attacks to ensure the
continuous availability
of critical systems and
data.
CONFIDENTIALITY
Involves ensuring that data is
only accessible to individuals
or systems with the proper
authorization, thus
maintaining the privacy and
secrecy of sensitive data.
INTEGRITY
Involves protecting data
from unauthorized
alterations, ensuring
that data remains
consistent and accurate,
and preventing
unauthorized
modifications.
Confidentiality
Integrity
Availability
INFORMATION
SECURITY
ISO/IEC 27001:2022 Certification Transition Timeline
2025
2024
Full conformance
with new standard
(October 2025)
Recertification
audits to new
standard
2022-
2025
2022
Transition to full
compliance
Published ISO/IEC
27001:2022
(October 2022)
Recertification
audits to new
standard
2023
Companies that are currently certified to
ISO/IEC 27001:2013 have to transition to
ISO/IEC 27001:2022 within 3 years of the
publication of the new standard
Three Key Principles of Information Security
(CIA Triad)

2. The ISO/IEC 27001:2022 Approach is Based on the
Plan-Do-Check-Act (PDCA) Cycle
ISO/IEC 27001:2022 Key Clause Structure (4-10)
ISO/IEC 27001:2022
Information Security Management System (ISMS)
© Operational Excellence Consulting. All rights reserved.
INFORMATION SECURITY MANAGEMENT SYSTEM
IMPLEMENT
& OPERATE
THE ISMS
ESTABLISH
ISMS
MAINTAIN
& IMPROVE
THE ISMS
MONITOR
& REVIEW
THE ISMS
Plan Do
Check
Act
INTERESTED
PARTIES
INFORMATION
SECURITY
REQUIREMENTS
&
EXPECTATIONS
INTERESTED
PARTIES
MANAGED
INFORMATION
SECURITY
PLAN DO CHECK ACT
4. Context of
the
organization
5. Leadership 6. Planning 7. Support 8. Operation 9. Performance
evaluation
10.
Improvement
4.1
Understanding
the organization
and its context
5.1 Leadership
and commitment
6.1 Actions to
address risks
and
opportunities
7.1 Resources 8.1 Operational
planning and
control
9.1 Monitoring,
measurement,
analysis and
evaluation
10.1
Nonconformity
and corrective
action
4.2
Understanding
the needs and
expectations of
interested
parties
5.2 Policy 6.2 Information
security
objectives and
planning to
achieve them
7.2 Competence 8.2 Information
security risk
assessment
9.2 Internal audit 10.2 Continual
improvement
4.3 Determining
the scope of the
ISMS
5.3
Organizational
roles,
responsibilities
and authorities
7.3 Awareness 8.3 Information
security risk
treatment
9.3
Management
review
4.4 Information
Security
Management
System
7.4
Communication
7.5 Documented
information
Three Key Principles of Information Security
(CIA Triad)
AVAILABILITY
Involves implementing
measures to prevent
and mitigate
disruptions, downtime,
or denial of service
attacks to ensure the
continuous availability
of critical systems and
data.
CONFIDENTIALITY
Involves ensuring that data is
only accessible to individuals
or systems with the proper
authorization, thus
maintaining the privacy and
secrecy of sensitive data.
INTEGRITY
Involves protecting data
from unauthorized
alterations, ensuring
that data remains
consistent and accurate,
and preventing
unauthorized
modifications.
Confidentiality
Integrity
Availability
INFORMATION
SECURITY
ISO/IEC 27001:2022 Certification Process
3 5 7
1 4 6
2
Implementation of
ISMS
Selection of a
Certification
Body
Stage 2 Audit Continual
Improvement
and Surveillance
Audits
Conduct Internal
Audit and Review
Result by Top
Management Stage 1 Audit
Confirmation of
Registration

3. The ISO/IEC 27001:2022 Approach is Based on the
Plan-Do-Check-Act (PDCA) Cycle
ISO/IEC 27001:2022 Key Clause Structure (4-10)
ISO/IEC 27001:2022
Information Security Management System (ISMS)
© Operational Excellence Consulting. All rights reserved.
INFORMATION SECURITY MANAGEMENT SYSTEM
IMPLEMENT
& OPERATE
THE ISMS
ESTABLISH
ISMS
MAINTAIN
& IMPROVE
THE ISMS
MONITOR
& REVIEW
THE ISMS
Plan Do
Check
Act
INTERESTED
PARTIES
INFORMATION
SECURITY
REQUIREMENTS
&
EXPECTATIONS
INTERESTED
PARTIES
MANAGED
INFORMATION
SECURITY
PLAN DO CHECK ACT
4. Context of
the
organization
5. Leadership 6. Planning 7. Support 8. Operation 9. Performance
evaluation
10.
Improvement
4.1
Understanding
the organization
and its context
5.1 Leadership
and commitment
6.1 Actions to
address risks
and
opportunities
7.1 Resources 8.1 Operational
planning and
control
9.1 Monitoring,
measurement,
analysis and
evaluation
10.1
Nonconformity
and corrective
action
4.2
Understanding
the needs and
expectations of
interested
parties
5.2 Policy 6.2 Information
security
objectives and
planning to
achieve them
7.2 Competence 8.2 Information
security risk
assessment
9.2 Internal audit 10.2 Continual
improvement
4.3 Determining
the scope of the
ISMS
5.3
Organizational
roles,
responsibilities
and authorities
7.3 Awareness 8.3 Information
security risk
treatment
9.3
Management
review
4.4 Information
Security
Management
System
7.4
Communication
7.5 Documented
information
AVAILABILITY
Involves implementing
measures to prevent
and mitigate
disruptions, downtime,
or denial of service
attacks to ensure the
continuous availability
of critical systems and
data.
CONFIDENTIALITY
Involves ensuring that data is
only accessible to individuals
or systems with the proper
authorization, thus
maintaining the privacy and
secrecy of sensitive data.
INTEGRITY
Involves protecting data
from unauthorized
alterations, ensuring
that data remains
consistent and accurate,
and preventing
unauthorized
modifications.
Confidentiality
Integrity
Availability
INFORMATION
SECURITY
ISO/IEC 27001:2022 Certification Transition Timeline
2025
2024
Full conformance
with new standard
(October 2025)
Recertification
audits to new
standard
2022-
2025
2022
Transition to full
compliance
Published ISO/IEC
27001:2022
(October 2022)
Recertification
audits to new
standard
2023
Companies that are currently certified to
ISO/IEC 27001:2013 have to transition to
ISO/IEC 27001:2022 within 3 years of the
publication of the new standard
Three Key Principles of Information Security
(CIA Triad)

4. The ISO/IEC 27001:2022 Approach is Based on the
Plan-Do-Check-Act (PDCA) Cycle
ISO/IEC 27001:2022 Key Clause Structure (4-10)
ISO/IEC 27001:2022
Information Security Management System (ISMS)
© Operational Excellence Consulting. All rights reserved.
INFORMATION SECURITY MANAGEMENT SYSTEM
IMPLEMENT
& OPERATE
THE ISMS
ESTABLISH
ISMS
MAINTAIN
& IMPROVE
THE ISMS
MONITOR
& REVIEW
THE ISMS
Plan Do
Check
Act
INTERESTED
PARTIES
INFORMATION
SECURITY
REQUIREMENTS
&
EXPECTATIONS
INTERESTED
PARTIES
MANAGED
INFORMATION
SECURITY
PLAN DO CHECK ACT
4. Context of
the
organization
5. Leadership 6. Planning 7. Support 8. Operation 9. Performance
evaluation
10.
Improvement
4.1
Understanding
the organization
and its context
5.1 Leadership
and commitment
6.1 Actions to
address risks
and
opportunities
7.1 Resources 8.1 Operational
planning and
control
9.1 Monitoring,
measurement,
analysis and
evaluation
10.1
Nonconformity
and corrective
action
4.2
Understanding
the needs and
expectations of
interested
parties
5.2 Policy 6.2 Information
security
objectives and
planning to
achieve them
7.2 Competence 8.2 Information
security risk
assessment
9.2 Internal audit 10.2 Continual
improvement
4.3 Determining
the scope of the
ISMS
5.3
Organizational
roles,
responsibilities
and authorities
7.3 Awareness 8.3 Information
security risk
treatment
9.3
Management
review
4.4 Information
Security
Management
System
7.4
Communication
7.5 Documented
information
AVAILABILITY
Involves implementing
measures to prevent
and mitigate
disruptions, downtime,
or denial of service
attacks to ensure the
continuous availability
of critical systems and
data.
CONFIDENTIALITY
Involves ensuring that data is
only accessible to individuals
or systems with the proper
authorization, thus
maintaining the privacy and
secrecy of sensitive data.
INTEGRITY
Involves protecting data
from unauthorized
alterations, ensuring
that data remains
consistent and accurate,
and preventing
unauthorized
modifications.
Confidentiality
Integrity
Availability
INFORMATION
SECURITY
ISO/IEC 27001:2022 Certification Transition Timeline
3 5 7
1 4 6
2
Implementation of
ISMS
Selection of a
Certification
Body
Stage 2 Audit Continual
Improvement
and Surveillance
Audits
Conduct Internal
Audit and Review
Result by Top
Management Stage 1 Audit
Confirmation of
Registration
Three Key Principles of Information Security
(CIA Triad)

5. © Operational Excellence Consulting. All rights reserved. 5
Operational Excellence Consulting is a management training and consulting
firm that assists organizations in improving business performance and
effectiveness. Based in Singapore, the firm’s mission is to create business
value for organizations through innovative design and operational excellence
management training and consulting solutions. For more information, please
visit www.oeconsulting.com.sg