In the old version of ISO 27001:2013, A.11.1.2 Physical access controls - Requires that secured areas be protected by appropriate access controls to allow only authorized personnel to enter and exit; this requirement is referred to in the new version of ISO 27001:2022 as A. 7.2 Physical entry.
However, A.7.4 Physical security monitoring of the new version of ISO27001:2022 emphasizes active monitoring of premises (Premises) for unauthorized physical access, including installation of video monitors, installation & testing Alarm, external door and window installation alarm.
In auditing affairs, the entity entry control measures of ISO27001:2013 A.11.1.2 will be viewed from two aspects: active protection and passive protection. However, after the revision, the audit findings of active protection monitoring facilities and sensing instruments will be placed in A.7.4 physical security monitoring, and passive protection of access control, cabinets/computer rooms, etc. will be classified in A.7.2 Physical entry (Physical entry).
This will affect some ISO27001 users. Customers who have not implemented active protection against the security perimeter in the past may be included in improvement suggestions; in the future, it may constitute non-compliance and may be forced to spend some resources and energy to meet this requirement.
Comments