نظام إدارة أمن المعلومات

ISO/IEC 27001:2022 is the international standard for Information Security Management Systems (ISMS). The 2022 update modernized the Annex A controls to address cloud security, threat intelligence, ICT readiness for business continuity, and other emerging security domains.

The 2022 version updated the control structure from 14 domains and 114 controls to 4 themes and 93 controls, introduced 11 new controls (including threat intelligence, cloud security, data masking), and eliminated or merged several outdated controls.

Annex A is a normative reference listing 93 information security controls organized across 4 themes: Organizational, People, Physical, and Technological. Organizations select applicable controls based on their risk assessment.

Yes. SAMA's Cyber Security Framework (CSF) is aligned with ISO 27001 concepts. ISO 27001 certification provides a strong foundation for meeting SAMA CSF requirements for financial institutions in Saudi Arabia.

Typically 4–9 months depending on organization size, scope, and current security posture. Organizations in highly regulated sectors often take longer due to the breadth of systems and processes in scope.