We've completed the transition to the latest edition of the world's leading information security standard - strengthening the protections that underpin every service we deliver.
We're proud to announce that YUDU Sentinel has successfully transitioned from ISO 27001 : 2013 to ISO 27001 : 2022 — the latest version of the international standard for information security management. This marks a significant milestone in our ongoing commitment to protecting the data and systems our customers depend on.
What is ISO 27001, and why does it matter?
ISO 27001 is the internationally recognised benchmark for information security management systems (ISMS). It sets out the requirements for how organisations identify, assess, and manage information security risks - covering everything from access controls and incident response to supplier relationships and business continuity.
For our customers, certification means one thing above all else: independent, third-party verification that YUDU Sentinel's security practices meet the highest global standards. It's not a self-assessment — it requires a rigorous external audit by an accredited certification body, and it must be maintained through regular surveillance audits.
Why this matters for you:
Whether you're an existing customer or evaluating Sentinel for the first time, our ISO 27001 : 2022 certification gives you confidence that your data is managed within a framework designed to withstand today's threat landscape — not the one that existed a decade ago.
From 2013 to 2022: what actually changed?
ISO 27001 : 2022 was published in October 2022 - the first major revision in nine years.
The world has changed considerably since 2013:
- Cloud computing has become the default
- Remote working is widespread
- Ransomware has become a headline risk
- Supply chains have grown far more complex
The 2022 edition reflects that reality.
Annex A: a modernised control framework
The most significant changes are in Annex A - the set of information security controls that form the backbone of any ISMS. The restructuring is substantial:
| Area | ISO 27001 : 2013 | ISO 27001 : 2022 |
| --- | --- | --- |
| Total controls | 114 controls | 93 controls |
| Control categories | 14 domains | 4 themes |
| New controls | - | 11 new controls |
| Merged controls | 57 separate controls | Consolidated into 24 |
| Threat intelligence | Not explicitly required | Required (A.5.7) |
| Cloud security | Limited coverage | Dedicated control (A.5.23) |
| Language and framing | IT-specialist orientated | Management-accessible |
The reduction from 114 to 93 controls doesn't mean weaker security - it reflects the merging of overlapping requirements and a cleaner, more logical structure. The 2013 version's 14 domains have been replaced by four clear themes:
- Organisational controls
- People controls
- Physical controls
- Technological controls
The 11 new controls - and what they mean in practice
Perhaps the most telling aspect of the 2022 revision is the eleven brand-new controls that have been introduced. They reveal exactly where the standard needed to catch up with the modern threat environment. Here are the ones most relevant to our customers:
- Threat intelligence (A.5.7) - Active collection and analysis of threat data to anticipate and mitigate emerging risks - not just reactive monitoring.
- Cloud service security (A.5.23) - Formalised security standards across all cloud services used — reflecting how central cloud infrastructure has become.
- ICT supply chain security (A.5.21) - Rigorous management of security requirements throughout the technology supply chain, addressing third-party risk at depth.
- Data masking (A.8.11) - Formal requirements for masking personal and sensitive data, aligned with privacy regulations including GDPR.
- Web filtering (A.8.23) - Controls to manage and restrict access to external websites and online resources, reducing exposure to web-borne threats.
- Data leakage prevention (A.8.12) - Technical and organisational measures to detect and prevent the unauthorised transfer of sensitive information.
The broader context: why the 2022 standard is more relevant today
The nine years between the 2013 and 2022 editions saw fundamental shifts in how organisations operate and where risks originate. The 2013 version reflected a world where cloud services were still emerging, remote working was the exception rather than the rule, and the attack surface facing most organisations was comparatively contained.
ISO 27001 : 2022 acknowledges the complexity of modern operations: distributed workforces, interconnected supply chains, cloud-first architectures, and a threat landscape in which ransomware, data extortion, and supply chain attacks have become routine headlines. Its emphasis on continuous monitoring over periodic review, and on integrating security thinking into everyday operations, reflects a more mature and realistic model of how security must work.
For customers of YUDU Sentinel, this means our certification is grounded in a framework that is genuinely current - designed for the environment in which we all operate today.
What this means for customers
If you're an existing YUDU Sentinel customer, this transition is seamless on your end - there's nothing you need to do. Our certification status has been maintained continuously throughout the process, and the transition has been completed without any disruption to our services or the security controls that protect your data.
If you are in procurement, legal, or compliance and require documentation of our certification, you can find out more via our Accreditations page.
Looking ahead
ISO 27001:2022 is not a destination - it's a framework for continuous improvement. We will continue to evolve our ISMS as threats develop, as our services grow, and as the standard itself is refined.
Our certification is reviewed annually and recertified on a three-year cycle, with full transparency to our customers throughout.
26 Mar 2026