ISO 27001:2022 Annex 5.6: Contact with special interest groups

There are times when an industry, sector or even a like-minded group of organisations can improve performance and advance best practice by collaborating and communicating openly. The collective term for these groups, networks or bodies has been termed special interest groups within the 2022 version of the ISO 27001 standard.

Annex 5.6 of the ISO 27001 standard reflects the value that an organisation can gain from interacting with special interest groups such as professional associations, industry bodies and security forums.

Contact with special interest groups: what you need to know

Most organisations retain relationships with special interest groups of one form or another. Annex 5.6 is designed to ensure that knowledge and best practice relating to information security is exchanged with these groups where necessary. Within the Annex, it is noted that the requirement, purpose and implementation guidelines for contacting these groups should be documented and maintained.

There are a number of advantages to communicating and collaborating effectively with special interest groups. These include:

• Keeping up to date with best practice relating to information security
• Maintaining a current understanding of the information security environment
• Keeping in the loop on alerts and patches relating to the kinds of attacks and vulnerabilities that are prevalent in a given industry or sector
• Exchanging information relating to services, solutions and technologies that may benefit an organisation

What’s changed from ISO 27001:2013?

ISO 27001:2022 Annex A control 5.6 Contact with special interest groups was previously featured under control 6.1.4 of the ISO 27001:2013 standard. A number of small changes to the phrasing of the annex have been made In the 2022 version of the standard but the two are very similar in their composition and messaging.