
The digital threat landscape today is unrecognizable compared with that of 2013, with each year bringing new tech trends and threats. Distributed and hybrid workforces, cloud-native architectures, a culture of bring-your-own-everything, more cunning and sophisticated adversaries, artificial intelligence, and AI agents have redefined how entities think about data security.
In response, the ISO/IEC 27001 standard (long considered a cornerstone of cybersecurity governance) was revised in 2022 to help companies manage these emerging risks and operational realities.
Here’s what changed between the 2013 and 2022 versions:
The result? ISO/IEC 27001:2022 is more aligned with today’s risks and more demanding. The need to operationalize controls in cloud, hybrid, and decentralized environments means that traditional security approaches are no longer sufficient.
Thales supports your compliance journey with a comprehensive, cloud-ready portfolio built to help meet the demands of ISO/IEC 27001:2022. Our solutions address six essential categories, each designed to map to the control areas and evolving risks outlined in the updated standard.
Leverage threat intelligence and behavioral analytics to detect and respond to evolving risks. Monitor data access and system activity across multi-cloud and hybrid environments. Support controls for threat intelligence, monitoring, and event management.
Encrypt data across all cloud platforms, at rest, in motion, and in use. Keep control of your encryption keys, even when data resides in the public cloud. Ensure data confidentiality and integrity in shared responsibility environments.
Identify and classify sensitive information across your data estate. Automate tagging and policy enforcement based on data type and sensitivity. Enable downstream controls like masking, encryption, and secure deletion.
Protect sensitive data from unauthorized access, sharing, or exfiltration. Apply tokenization, granular encryption, and user access controls. Limit internal and external threats while meeting compliance mandates.
Shield web applications and APIs from known and unknown threats. Use machine learning to detect bots, business logic abuse, and DDoS attacks. Ensure resilience for customer-facing digital services.
Strengthen user authentication with adaptive MFA and policy-based access. Support Zero Trust by ensuring the right people access the right data at the right time. Centralize identity governance across cloud and on-premises systems.
Thales delivers technology that supports ISO/IEC 27001:2022 compliance and improves operational resilience, visibility, and control.
The following table is a non-exhaustive mapping of how Thales products support the revised ISO/IEC 27001:2022 controls.
ISO 27001:2022 Control | Thales Product(s) | Solution |
A.5.7 – Threat Intelligence | | Deliver proactive threat detection, behavioral analysis, and event correlation |
A.5.23 – Use of Cloud Services | | Encryption, access policies, and data classification secure data in multi-cloud environments |
A.8.10 – Data Deletion | | Enable secure erasure of data via crypto-shredding or automated deletion workflows |
A.8.11 – Data Masking | | Protect sensitive fields through tokenization and masking to minimize exposure |
A.8.12 – Data Leakage Prevention | | Prevent exfiltration through user access controls, policy enforcement, and encryption |
A.8.16 – Monitoring Activities | | Real-time monitoring of access and activity for apps, APIs, and databases |
A.5.15 / A.5.17 – Access Control & Identity Verification | | Deliver risk-based access policies, SSO, and adaptive authentication across services |
Achieving ISO/IEC 27001:2022 certification is a milestone, but maintaining trust, continuity, and resilience in the face of evolving threats requires more. Thales helps you go further by embedding security into every layer of the infrastructure, data, and identity stack.
Visit our ISO 27001:2022 solutions hub to explore how we can help accelerate your compliance and strengthen your business in the long term.