Has anyone gone through the ISO27001 certification recently under the newest 2022 rules?
For those who are seeking or have renewed their ISO27001 update, how was the process around Annex A section 8 on information governance (in the 2022 update)?
The update in 2022 added information governance to the requirements (retention/removal) but enforcement only started last month, April 2024, for teams seeking ISO27001 and those going through the re-cert. It seems most folks in the community are on the more lax ISO27001 2013.
PS: I may publish an article highlighting the topic itself, it seems to be something people haven't yet discovered as a new requirement.
