Security ISO 27001:2022 – A New Version, the Same Goal: Top-Level Information Security

In an era of digital transactions and increasing cyber threats, trust in your technology partner is essential. FORDATA, a leading provider of Virtual Data Room (VDR) solutions in Central and Eastern Europe, has achieved certification for compliance with the ISO/IEC 27001:2022 standard—faster than the industry average.

Organizations have three years to adapt to the new ISO 27001 version, but FORDATA accomplished this transition in less than two years after its release. This notable achievement demonstrates that data security is not just a formality for us—it is our priority.

The ISO/IEC 27001:2022 certification, obtained in 2025, confirms that our processes align with the latest international standards for information protection.

Virtual Data Rooms are environments where businesses handle their most confidential data—from financial documents to contracts and personal information. In processes such as mergers and acquisitions, audits, due diligence, or IPO preparation, information security is not merely a technical matter—it is the foundation of the entire operation.

ISO/IEC 27001 is an international standard for Information Security Management Systems (ISMS), designed to ensure the confidentiality, integrity, and availability of information—regardless of its form.

The 2022 version of the standard introduces several changes that better reflect modern realities, including digital transformation, remote work, and the growing scale of cyber threats.

What Benefits Does ISO 27001:2022 Bring to FORDATA Clients?

• Peace of mind that your sensitive data is stored and shared in accordance with the latest global standards.
• A partner committed to security—not just meeting minimum requirements but actively investing in protection.
• A competitive advantage—demonstrating to your business partners that you operate in a secure, certified environment.

Although the standard’s structure remains unchanged, the update introduces key changes that enhance the effectiveness of ISMS.

1. Updated Organizational Context

The standard now acknowledges climate change as a factor that may be relevant to the organization’s context. Stakeholders may also have specific requirements related to an organization’s environmental impact. Additionally, there is a new requirement for “planning changes” within the ISMS—meaning organizations must formally address system modifications.

2. Restructured Control Set

The number of controls has been reduced from 114 to 93, now grouped into four clear categories:

• Organizational controls
• People controls
• Physical controls
• Technological controls

This structure is more logical and intuitive, allowing businesses to manage risk more effectively and tailor security measures to actual needs.

3. 11 New Controls Introduced

Despite the lower total number, the updated standard includes 11 entirely new controls, 24 merged controls, and several expanded existing ones. Key new areas include:

• Cloud services management
• Data leakage prevention
• Secure information deletion
• Physical security monitoring

These additions reflect the current threat landscape and affirm FORDATA’s decision to pursue early certification to provide maximum security for clients.

4. Simplified, Unified Language

The updated standard uses clearer language, making implementation easier across organizations of all sizes—from startups to global enterprises.

Information security is more than just technology—it’s a holistic approach involving people, processes, and infrastructure. With ISO 27001:2022 certification, FORDATA VDR guarantees:

• Top-tier information security – our ISMS meets the latest global standards.
• Protection of sensitive and confidential data – your information is safeguarded against unauthorized access, loss, or tampering.
• Trust from partners and investors – using a certified solution enhances your credibility and inspires confidence.
• Compliance with legal and regulatory requirements – ISO 27001 supports compliance with data protection laws (e.g., GDPR), reducing the risk of penalties.
• Reliability and peace of mind – FORDATA continuously audits, monitors, and improves its security protocols.
• Professional risk management – threats are identified, assessed, and mitigated using proven methodologies.

Implementing the new standard is more than just updating procedures—it’s a signal to the market that the organization is proactive and responsive to evolving risks.

For FORDATA, this certification also reaffirms that our investments in information security are a strategic priority—not just a checkbox. As a result, our clients can focus on their core business, knowing their data security rests on the strongest possible foundation.

By choosing FORDATA VDR, you invest in a secure, compliant, and trustworthy environment for managing and sharing documents.