Considering Climate Change in ISO 27001

The International Organization for Standardization (ISO) and the International Accreditation Forum (IAF) have published two climate action amendments for existing and new management systems.  These amendments, which were published in February 2024, are part of ISO’s commitment to climate action and support the ISO London Declaration on Climate Change.

The amendments fall under Clauses 4.1 and 4.2.  Many organizations may already be considering the impact of climate change under these clauses as internal or external issues, and/or as part of understanding the needs and expectations of interested parties.  However, the amendments now make it a requirement that organizations explicitly consider climate change and incorporate any relevant aspects into their management system.

These changes are not a new standard, and there is no need for re-certification at this time. The short amendments are also available for free download. To learn more about ISO’s revision process, read this article from Quality Digest.

Here are the changes, which fall under Section 4:

4.1 Understanding the organization and its context.

The organization shall determine external and internal issues that are relevant to its purpose and that affect its ability to achieve the intended outcome(s) of its information security management system.

Text added to the end of subclause:
The organization shall determine whether climate change is a relevant issue. 

4.2 Understanding the needs and expectations of interested parties.

The organization shall determine:

    • Interested parties that are relevant to the information security management system.
    • The relevant requirements of these interested parties.
    • Which of these requirements will be addressed through the information security management system.

Note added to the end of subclause:
NOTE: Relevant interested parties can have requirements related to climate change.
