Transitioning to ISO 27001:2022

How does ISO 27001:2022 affect organisations that are already certified to ISO 27001:2013?

When must I transition to ISO 27001:2022?

Organisations that have already certified their ISMS (information security management system) to ISO 27001:2013 have until 31 October 2025 to conform to ISO 27001:2022.

However, according to the IAF’s (International Accreditation Forum) revised guidance document, certification bodies must stop offering (re)certification to the 2013 edition of the Standard by 30 April 2024, so there may be less time to conform to ISO 27001:2022 than you thought.

Moreover, even if your organisation’s ISMS is recertified to ISO 27001:2013 by 30 April 2024, that certificate will expire on 31 October 2025 – even if it has been in place for less than three years (the normal duration of an ISO management system certificate).

We therefore advise that you start adopting the 2022 Standard as soon as you can.

Should I wait to start my ISO 27001:2022 project?

Organisations should already be able to achieve certification to ISO 27001:2022.

If you intend to recertify against ISO 27001:2013, which should still be possible until 29 April 2024, you could still work against the 2022 control set. ISO 27002:2022 has an annex that compares its controls with the 2013 iteration of the Standard, so this should be relatively straightforward.

However, you will still need to compare these with the 2013 Annex A controls in your SoA (Statement of Applicability) if you are recertifying to ISO 27001:2013.

One advantage of implementing the new controls is that the new ISO 27002 is much more comprehensive and provides clearer guidance on control selection and implementation than the 2013 iteration did, thereby making your ISMS easier to implement and manage.

You should also find it relatively easy to achieve certification to ISO 27001:2022 later because your ISMS will already be based on the 2022 control set.

ISO 27001 resources

We have everything you need to transition your ISMS to conform to ISO 27001:2022.


Free resources


Briefing: Unpacking your ISO 27001:2022 Transition Strategy

In this webinar, produced in association with Perry Johnson Registrars, IT Governance’s CEO Alan Calder explains how to transition your ISMS to conform to ISO 27001:2022.

Podcast

Steve Watkins is a renowned expert on ISO 27001. In this mini podcast, he discusses the 2022 iteration of the Standard and his book ISO/IEC 27001:2022 – An introduction to information security and the ISMS standard.

Green paper: ISO 27001 and ISO 27002 – Transitioning to the 2022 standards

If you’re transitioning your ISMS to conform to ISO 27001:2022, download this free paper and discover:

  • An overview of the key changes to both ISO 27001 and ISO 27002;
  • Explanations of the ISO 27002 attributes, and how to create and use views;
  • Explanations of the 11 new controls and 6 noteworthy merged controls in the 2022 set;
  • A transitioning checklist; and
  • Our concluding thoughts on the new standards.

Training courses

Certified ISO 27001:2022 ISMS Transition Training Course

  • Train with the ISO 27001 experts to understand the changes and new requirements in the ISO 27001:2022 standard.
  • Enhance your career by updating your ISO 27001 qualifications to ISO 27001:2022 versions.
  • Industry-leading course developed by the team that led the world’s first successful ISO 27001 implementation project.
  • Learn from anywhere with our instructor-led Live Online and self-paced options that allow you to study your way, keeping travel and costs to a minimum.
  • Successful completion of this course and exam awards the ISO 17024-accredited ISO 27001:2022 Certified ISMS Transition (CIS TN) qualification and 7 CPD points. Your existing ISO 27001 qualifications will also be upgraded to IBITGQ ISO 27001:2022 qualifications.

Also available as a self-paced online course

Pocket guide

ISO/IEC 27001:2022 – An introduction to information security and the ISMS standard

The perfect introduction to the principles of information security management and ISO 27001:2022.

An ideal resource for anyone wanting a clear, concise and easy-to-read primer on information security, this pocket guide will ensure the ISMS you put in place is effective, reliable and auditable.

Tools

Gap analysis tool

The ISO 27001:2022 Gap Analysis Tool will help your organisation identify the extent to which its information security control stance meets the requirements of ISO 27001:2022.

The tool is designed to support your organisation in its initial project planning of the ISMS security controls, and to map your current information security measures quickly and easily against ISO/IEC 27001:2022 and Annex A controls aligned to ISO/IEC 27002:2022 requirements.

Documentation toolkit

  • Accelerate your ISMS implementation project with more than 140 customisable, ISO 27001-compliant documentation templates.
  • Save hours of work with implementation tools and expert guidance from the team who led the world’s first successful ISO 27001 certification project, including:
    • ISMS Overview
    • ISO 27001:2013 and ISO 27001:2022 Gap Analysis Tool
    • ISO 27002:2013 Controls Gap Analysis Tool
    • ISO 27001 Implementation Manager
    • ISO 27001:2013 Documentation Dashboard
  • Collaborate easily with multi-user access to the Cloud-based DocumentKits platform wherever you are.
  • Get compliant and stay compliant with more than 200 free annual updates – including to ISO 27001:2022.
  • Enjoy flexible payment options with a no-obligation annual subscription, which you can cancel at any time (T&Cs apply).

Speak to an ISO 27001 expert

For more information about ISO 27001 and how we can help you implement an ISMS – whatever your size, budget or level of expertise – get in touch with one of our experts today.
