ISO/IEC 27001:2022 is the world's most recognised standard for establishing, implementing, maintaining, and continually improving an Information Security Management System (ISMS). Published by the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC), it provides a systematic, risk-based approach to managing sensitive company information and ensuring its confidentiality, integrity, and availability.

The 2022 revision introduced a restructured Annex A with 93 controls across 4 themes — Organisational (37), People (8), Physical (14), and Technological (34) — replacing the 114 controls in 14 domains from the 2013 edition. New controls include threat intelligence, ICT readiness for business continuity, data leakage prevention, and secure coding.

🌍 India Context: ISO 27001 certification is increasingly required by Indian enterprise clients, government RFPs, BFSI sector vendors, and MNCs outsourcing to Indian IT/BPO firms. It is also strongly aligned with the security obligations of the DPDP Act 2023.