When must I transition to ISO 27001:2022?
Organisations that have already certified their ISMS (information security management system) to ISO 27001:2013 have until 31 October 2025 to conform to ISO 27001:2022.
However, according to the IAF’s (International Accreditation Forum) revised guidance document, certification bodies must stop offering (re)certification to the 2013 edition of the Standard by 30 April 2024, so there may be less time to conform to ISO 27001:2022 than you thought.
Moreover, even if your organisation’s ISMS is recertified to ISO 27001:2013 by 30 April 2024, that certificate will expire on 31 October 2025 – even if it has been in place for less than three years (the normal duration of an ISO management system certificate).
We therefore advise that you start adopting the 2022 Standard as soon as you can.
Should I wait to start my ISO 27001:2022 project?
Organisations should already be able to achieve certification to ISO 27001:2022.
If you intend to recertify against ISO 27001:2013, which should still be possible until 29 April 2024, you could still work against the 2022 control set. ISO 27002:2022 has an annex that compares its controls with the 2013 iteration of the Standard, so this should be relatively straightforward.
However, you will still need to compare these with the 2013 Annex A controls in your SoA (Statement of Applicability) if you are recertifying to ISO 27001:2013.
One advantage of implementing the new controls is that the new ISO 27002 is much more comprehensive and provides clearer guidance on control selection and implementation than the 2013 iteration did, thereby making your ISMS easier to implement and manage.
You should also find it relatively easy to achieve certification to ISO 27001:2022 later because your ISMS will already be based on the 2022 control set.
ISO 27001 resources
We have everything you need to transition your ISMS to conform to ISO 27001:2022.
Products and services
Briefing: Unpacking your ISO 27001:2022 Transition Strategy
In this webinar, produced in association with Perry Johnson Registrars, IT Governance’s CEO Alan Calder explains how to transition your ISMS to conform to ISO 27001:2022.
Green paper: ISO 27001 and ISO 27002 – Transitioning to the 2022 standards
If you’re transitioning your ISMS to conform to ISO 27001:2022, download this free paper and discover:
- An overview of the key changes to both ISO 27001 and ISO 27002;
- Explanations of the ISO 27002 attributes, and how to create and use views;
- Explanations of the 11 new controls and 6 noteworthy merged controls in the 2022 set;
- A transitioning checklist; and
- Our concluding thoughts on the new standards.
Certified ISO 27001:2022 ISMS Transition Training Course
- Train with the ISO 27001 experts to understand the changes and new requirements in the ISO 27001:2022 standard.
- Enhance your career by updating your ISO 27001 qualifications to ISO 27001:2022 versions.
- Industry-leading course developed by the team that led the world’s first successful ISO 27001 implementation project.
- Learn from anywhere with our instructor-led Live Online and self-paced options that allow you to study your way, keeping travel and costs to a minimum.
- Successful completion of this course and exam awards the ISO 17024-accredited ISO 27001:2022 Certified ISMS Transition (CIS TN) qualification and 7 CPD points. Your existing ISO 27001 qualifications will also be upgraded to IBITGQ ISO 27001:2022 qualifications.
Also available as a self-paced online course
ISO/IEC 27001:2022 – An introduction to information security and the ISMS standard
The perfect introduction to the principles of information security management and ISO 27001:2022.
An ideal resource for anyone wanting a clear, concise and easy-to-read primer on information security, this pocket guide will ensure the ISMS you put in place is effective, reliable and auditable.
Gap analysis tool
The ISO 27001:2022 Gap Analysis Tool will help your organisation identify the extent to which its information security control stance meets the requirements of ISO 27001:2022.
The tool is designed to support your organisation in its initial project planning of the ISMS security controls, and to map your current information security measures quickly and easily against ISO/IEC 27001:2022 and the Annex A controls aligned to ISO/IEC 27002:2022 requirements.
- Accelerate your ISMS implementation project with more than 140 customisable, ISO 27001-compliant documentation templates.
- Save hours of work with implementation tools and expert guidance from the team who led the world’s first successful ISO 27001 certification project, including:
  - ISMS Overview
  - ISO 27001:2013 and ISO 27001:2022 Gap Analysis Tool
  - ISO 27002:2013 Controls Gap Analysis Tool
  - ISO 27001 Implementation Manager
  - ISO 27001:2013 Documentation Dashboard
- Collaborate easily with multi-user access to the Cloud-based DocumentKits platform wherever you are.
- Get compliant and stay compliant with more than 200 free annual updates – including to ISO 27001:2022.
- Enjoy flexible payment options with a no-obligation annual subscription, which you can cancel at any time (T&Cs apply).
Speak to an ISO 27001 expert
For more information about ISO 27001 and how we can help you implement an ISMS – whatever your size, budget or level of expertise – get in touch with one of our experts today.