Implementing ISO 27001:2022

How does ISO/IEC 27001:2022 affect organisations that are implementing or planning to implement an ISMS?

If you are implementing or planning to implement an ISMS (information security management system) that conforms to ISO 27001:2013, the publication of ISO 27001:2022 will likely affect your project.

When can I achieve certification to ISO 27001:2022?

Accreditation bodies such as UKAS (United Kingdom Accreditation Service) must be ready to assess certification bodies against new standards within six months of their publication, so you can already achieve certification against ISO 27001:2022.

All certification bodies must offer certification to only the 2022 edition of ISO 27001 from 30 April 2024.

This means that you can achieve certification against ISO 27001:2013 until 29 April 2024. However, all ISO 27001:2013 certificates will expire or be withdrawn on 31 October 2025 irrespective of how long they have been in place.

The IAF (International Accreditation Forum) confirms this timescale in its revised guidance document.

Can I implement the ISO 27001:2022 controls now?

Yes. In fact, we recommend you do, as we believe ISO 27002:2022 to be an improvement on the 2013 edition. It is much more comprehensive, and provides clearer guidance on control selection and implementation. It is also, unsurprisingly, better suited to today’s security landscape.

If you still want to implement ISO 27001:2013, you can use the new control set instead of the old Annex A. However, you will need to compare the 2022 set against the 2013 set in your SoA (Statement of Applicability). This should be relatively straightforward to do, because ISO 27002:2022 has an annex that compares its controls with the 2013 iteration of the Standard.

ISO 27001 resources

We have everything you need to ensure your ISMS conforms to whichever version of ISO 27001 you want to achieve certification against.


  Free resources

Podcast

Steve Watkins is a renowned expert on ISO 27001. In this mini podcast, he discusses the 2022 iteration of the Standard and his book ISO/IEC 27001:2022 – An introduction to information security and the ISMS standard.

  Training courses

Certified ISO 27001:2022 ISMS Foundation Training Course

  • Train with the ISO 27001 experts and get a comprehensive introduction to the features and benefits of ISO 27001:2022.
  • Industry-leading course developed by the team that led the world’s first successful ISO 27001 implementation project.
  • The Ely/online course provides the flexibility of attending our certified COVID-19 secure training centre or booking as an online learner.
  • Learn from anywhere with our instructor-led Live Online and self-paced online options that allow you to study your way, keeping travel and costs to a minimum.
  • Successful completion of this one-day course and included exam awards the ISO 27001:2022 Certified ISMS Foundation (CIS F) qualification and 7 CPD/CPE points.

Certified ISO 27001:2022 ISMS Lead Implementer Training Course

  • Train with the ISO 27001 experts and gain the skills to lead and manage an ISO 27001:2022-compliant ISMS implementation project.
  • Industry-leading course designed to help you deliver ISO 27001 compliance and enhance your career as an ISO 27001 professional.
  • The Ely/online course provides the flexibility of attending our certified COVID-19 secure training centre or booking as an online learner.
  • Learn from anywhere with our instructor-led Live Online or self-paced online options that allow you to study your way, keeping travel and costs to a minimum.
  • Successful completion of this three-day course and included exam awards the ISO 27001:2022 Certified ISMS Lead Implementer (CIS LI) qualification and 21 CPD/CPE points.

Certified ISO 27001:2022 ISMS Lead Auditor Training Course

  • Train with the ISO 27001 experts and gain the skills to deliver external certification and supplier audits against ISO 27001:2022.
  • Industry-leading course designed to help you build your career as an ISO 27001 auditor.
  • The Ely/online course provides the flexibility of attending our certified COVID-19 secure training centre or booking as an online learner.
  • Learn from anywhere with our instructor-led Live Online and self-paced online options that allow you to study your way, keeping travel and costs to a minimum.
  • Successful completion of this five-day course and included exam awards the ISO 27001:2022 Certified ISMS Lead Auditor (CIS LA) qualification and 35 CPD/CPE points.

Certified ISO 27001:2022 ISMS Internal Auditor Training Course

  • Train with the ISO 27001 experts and learn how to drive continual improvement within an ISO 27001:2022 ISMS.
  • Discover how to identify opportunities for improvement and take corrective action to maintain conformity to ISO 27001:2022.
  • The Ely/online course provides the flexibility of attending our certified COVID-19 secure training centre or booking as an online learner.
  • Learn from anywhere with our instructor-led Live Online and self-paced online options that allow you to study your way, keeping travel and costs to a minimum.
  • Successful completion of this course and included exam awards the ISO 27001:2022 Certified ISMS Internal Auditor (CIS IA) qualification and 14 CPD/CPE points.

  Pocket guide

ISO/IEC 27001:2022 – An introduction to information security and the ISMS standard

The perfect introduction to the principles of information security management and ISO 27001:2022.

An ideal resource for anyone wanting a clear, concise and easy-to-read primer on information security, this pocket guide will ensure the ISMS you put in place is effective, reliable and auditable.

  Tools

Gap analysis tool

The ISO 27001:2022 Gap Analysis Tool will help your organisation identify the extent to which its information security control stance meets the requirements of ISO 27001:2022.

The tool is designed to support your organisation in its initial project planning of the ISMS security controls, and to map your current information security measures quickly and easily against ISO/IEC 27001:2022 and the Annex A controls aligned to ISO/IEC 27002:2022 requirements.

Documentation toolkit

  • Accelerate your ISMS implementation project with more than 140 customisable, ISO 27001-compliant documentation templates.
  • Save hours of work with implementation tools and expert guidance from the team who led the world’s first successful ISO 27001 certification project, including:
    • ISMS Overview
    • ISO 27001:2013 and ISO 27001:2022 Gap Analysis Tool
    • ISO 27002:2013 Controls Gap Analysis Tool
    • ISO 27001 Implementation Manager
    • ISO 27001:2013 Documentation Dashboard
  • Collaborate easily with multi-user access to the Cloud-based DocumentKits platform wherever you are.
  • Get compliant and stay compliant with more than 200 free annual updates – including to ISO 27001:2022.
  • Enjoy flexible payment options with a no-obligation annual subscription, which you can cancel at any time (T&Cs apply).

Speak to an ISO 27001 expert

For more information about ISO 27001 and how we can help you implement an ISMS – whatever your size, budget or level of expertise – get in touch with one of our experts today.
