
Successfully Upgrading to ISO 27001:2022 – and Moving Toward NIS2 Compliance

04 December, 2024

Janne Huuhtanen

janne.huuhtanen@plentics.com

 

At Plentics, we prioritize staying ahead of the curve in information security to support our customers and partners. This commitment was demonstrated with our recent ISO 27001 annual audit, where we not only passed but also successfully transitioned to the latest ISO 27001:2022 standard. With this update, 11 new controls were introduced, 58 controls were updated, and 24 controls were consolidated, reflecting the evolving landscape of cybersecurity threats and requirements.

 

What’s New with ISO 27001:2022?

The 2022 update introduced several modernized controls, reflecting the evolving landscape of cybersecurity threats and cloud environments. Among the key additions are:

  • Threat Intelligence (A.5.7): A proactive approach to identifying and mitigating emerging risks.
  • Web Filtering (A.8.23): Strengthened defense against malicious web content.
  • ICT Readiness for Business Continuity (A.5.30): Enhanced focus on ensuring resilience in disruptions.

 

These new controls, along with others, align closely with Plentics’ focus on secure, efficient, and client-oriented IT solutions. Our ability to seamlessly implement these changes showcases our readiness to tackle modern cybersecurity challenges.

 

Our Path to Certification

The transition process required a meticulous review of existing policies and the adoption of new practices. Through rigorous preparation and collaboration, we ensured full compliance while maintaining operational efficiency.

 

Looking Ahead: NIS2 Directive Compliance

While achieving ISO 27001:2022 certification is a significant milestone, we are already preparing for the practical requirements of the NIS2 directive, which has entered into force but is still being transposed into national legislation across EU member states.

However, most EU member states have not been able to complete the implementation on time. As of November 2024, only six member states had informed the Commission that the implementation was complete. This means that until the national laws implementing the directive are adopted, the obligations of the NIS2 Directive do not apply. Nevertheless, it is only a matter of time before these laws are adopted across the EU, and in Finland, this is expected to happen during the first quarter of 2025.

Thanks to the groundwork laid by our ISO 27001 compliance, Plentics is well-positioned to align with the requirements of NIS2. We are actively refining reporting processes and making targeted adjustments to ensure full readiness, demonstrating our commitment to remaining at the forefront of regulatory compliance.

For more information about how Plentics can help enhance your IT security and resilience, contact our experts today. Together, we’ll build a safer digital future.
