In short, the updated version consolidates the security controls of the standard in four new categories; (1) organizational controls, (2) people controls, (3) physical controls and (3) technological controls. Also, a set of new controls are introduced, and a couple are modified or merged – all with the objective of supporting organizations to adapt to the everchanging risk landscape of the modern information security environment. Despite the document being labelled as a draft; it has been reviewed and commented on by the national bodies in several review rounds and is thus unlikely to receive any major changes. The current ballot round is due in the end of April and the target release date for the final version is late 2021.
