Developer · Credibility 85/100 · 1 min read

SDLC governance briefing — ISO/IEC 27002:2022 reshapes control references

ISO and IEC published the 2022 revision of ISO/IEC 27002 on 15 February 2022, restructuring security controls that engineering governance teams map to SDLC and DevSecOps processes.

What happened: ISO/IEC 27002:2022 consolidated controls into four domains, introduced 11 new controls, and embedded modern practices like secure coding and cloud service governance.

  • Control mapping: Update internal policies linking SDLC activities, change management, and vulnerability remediation to the revised control IDs.
  • Documentation: Refresh statements of applicability and risk registers to reference the 2022 control structure.
  • Tooling alignment: Ensure DevSecOps platforms capture evidence for controls such as threat intelligence and the secure development lifecycle.

Next steps: Coordinate with compliance and audit partners to migrate to ISO/IEC 27002:2022 mappings and educate engineering managers on new control expectations.
