
If you’re a supplier in the aerospace or defense industry, especially in Boeing’s ecosystem, ISO/IEC 27001:2022 is no longer a nice-to-have. It’s a requirement. Boeing’s updated Terms of Use and Cybersecurity Supplement (SP5) now mandates this certification as a condition for working within its supply chain.
What Is ISO 27001?
ISO/IEC 27001:2022 is the global standard for Information Security Management Systems (ISMS). It helps organizations:
- Identify and manage security risks
- Protect sensitive data
- Strengthen resilience against cyber threats
Why It Matters Now
Boeing has embedded ISO 27001 into its purchasing terms. If you’re a current or potential supplier, failing to meet this requirement could put your contracts—or future business—at risk.
Key Deadline
Certificates under the 2013 version of ISO 27001 will expire after October 31, 2025. You must transition to the 2022 version before then to remain compliant.
What’s New in ISO 27001:2022
The 2022 update introduces:
- 11 new controls (e.g., Threat Intelligence, Data Masking, Cloud Policies)
- Streamlined categories: Organizational, People, Physical, Technological
- Simplified language and closer alignment with risk-based strategies
Action Plan for Suppliers
To meet Boeing’s new requirements, you should:
- Review Boeing’s SP5 Terms of Use here: https://bit.ly/42gsaNa
- Conduct a gap analysis against the 2022 standard
- Update internal policies and procedures
- Schedule your certification audit ASAP
How SCB Can Help
IAPMO SCB is fully accredited to ISO/IEC 27001:2022 and can guide you through the process—from initial assessment to successful certification. Our team helps simplify compliance so you can stay focused on what matters.
Not sure if this applies to you? Reach out to Brett Pollock (Brett.Pollock@iapmoscb.org) to get started.