27001 & climate change (FREE!)

Like other ISO management systems standards, ISO/IEC 27001:2022 has just been amended to incorporate two small wording changes:

  • “The organization shall determine whether climate change is a relevant issue” (clause 4.1);

  • “NOTE: Relevant interested parties can have requirements related to climate change.” (clause 4.2).

So it is fair to ask: what has climate change got to do with information risk and security? Is it even relevant? Having been mulling that over for quite some while now, I've come up with a dozen points of relevance:



For more on those twelve, read "Secure the Planet" - a FREE white paper.

The clock in that image is a reminder that time is pressing, so here are half-a-dozen things information risk and security professionals can do to help.

1. Stress-test the business

  • Include climate-change scenarios in risk workshops and continuity exercises.
  • Identify critical infrastructure dependencies and cascading effects.

2. Build environmental integrity

  • Integrate data analysis into sustainability plans.
  • Clarify and address information risk and sustainability objectives.

3. Fortify for resilience

  • Engineer and invest in resilient infrastructure, information services and supply chains.
  • Identify and address dependencies and single points of failure.

4. Secure remote working

  • Strengthen security policies and controls for remote working.

5. Amplify awareness

  • Integrate climate change risks into security training.
  • Prepare for crisis-related cyber threats and misinformation.
  • Enlist green security champions for infosec and sustainability messaging.

6. Collaborate for greater impact

  • Share intelligence and best practices with internal and external stakeholders.
  • Spread awareness and encourage action.

By incorporating climate change considerations into information risk and security management strategies and approaches, we can build more resilient organizations, protect critical infrastructures and mitigate the existential risks relating to this complex, widespread and evolving challenge.
