In November 2022, ISO introduced a new version of its popular ISMS framework namely ISO 27001. This ISO 27001:2022 will be the new standard to replace the ISO 27001:2013 version. The ISO expects that the certifications on the basis of 2013 version needs to be transitioned to the new version before November 2025.
However, as always “Compliance” is a journey and earlier one starts better it is. Naavi who has been a pioneer in recommending an indigenous framework PDPCSI (Personal Data Protection Standard of India) is in the forefront of education related to compliance of law related to Data Protection.
Naavi started his foray into the consultancy for Data Protection way back in 2000 with “CyLawCom” certification, and also developed a framework named IISF 309 (Indian Information Security Framework) compliant to ITA 2000, in March 2009. Subsequently Naavi shifted focus on Personal Data Protection and developed PDPCSI (Personal Data Protection Compliance Standard of India) as a framework for planning and implementing data protection compliance as per GDPR and the Indian personal data protection law as it is emerging.
PDPCSI already had incorporated several innovative thoughts that made it a better standard for compliance than the ISO 27701 specifically created for GDPR compliance. The concepts of Data Valuation, DTS and Distributed Responsibility were futuristic thoughts. In the past the PDPSI framework has been mapped to ISO 27701 as well as other frameworks to provide confidence to the market that PDPCSI is inclusive of all the best practices in the ISO 27701(which included ISO 27001:2013)
Now that ISO has come up with the new version, there is a need for the professionals to understand how PDPCSI current version compares with the proposed ISO 27001:2022.
With this objective in view, Naavi.org will start a series of articles to capture the essence of ISO 27001:2022. This will be the basis for the training on ISO 27001 that may emerge in due course from Cyber Law College/FDPPI.
While presenting ISO 27001:2022, we will try to provide relevant comparison to PDPCSI so that the body of knowledge developed would help understanding of both ISO 27001 and PDPCSI.
I am not sure of the time line for completion of this series since it will be done along with the other activities of Naavi. Since we are expecting the new version of DPDPB to be presented in the current Parliament there would be more activity related to the Training of DPOs in India and implementation of Privacy projects. Hence this series may take some time to complete. But just as we say “Little drops make the ocean”, we shall start stitching together some knowledge bits which will in due course will become useful.
In the past visitors to this website have said that ” Naavi.org is the wikipedia of Cyber Laws in India”. In the coming days, Naavi.org should also be called the wikipedia on ISO 27001.
Let’s hope that the almighty provides the time and energy to complete the project as soon as possible.
I request all of you to not only contribute your good wishes but also some thoughts of your own as guest articles are at least as comments to the article
Naavi