Transitioning to ISO 27001:2022

How does ISO 27001:2022 affect organisations that are already certified to ISO 27001:2013?

When must I transition to ISO 27001:2022?

Organisations whose ISMS (information security management system) is already certified to ISO 27001:2013 have until 31 October 2025 to transition that certification to ISO 27001:2022.

However, according to the IAF’s (International Accreditation Forum) revised transition guidance, certification bodies must stop offering initial certification and recertification to the 2013 edition of the Standard by 30 April 2024, so there may be less time to conform to ISO 27001:2022 than you expect.

Moreover, even if your organisation’s ISMS is recertified to ISO 27001:2013 by 30 April 2024, that certificate will expire on 31 October 2025 – even if it has been in place for less than three years (the normal duration of an ISO management system certificate).

We therefore advise you start adopting the 2022 Standard as soon as you can.

Should I wait to start my ISO 27001:2022 project?

No. Certification bodies are already offering certification to ISO 27001:2022, so organisations can achieve certification to the 2022 edition now.

If you intend to recertify to ISO 27001:2013, which should still be possible until 29 April 2024, you can nonetheless implement the 2022 control set now. ISO 27002:2022 includes an annex (Annex B) that maps each of its controls to the corresponding 2013 controls, so working out which 2022 controls cover which 2013 controls is relatively straightforward.

However, if you are recertifying to ISO 27001:2013, your SoA (Statement of Applicability) must still reference the 2013 Annex A controls, so you will need to map the 2022 controls you have implemented back to the 2013 controls in the SoA and record the justification for each.

One advantage of implementing the new controls now is that ISO 27002:2022 is more comprehensive than the 2013 edition and gives clearer guidance on selecting and implementing controls, making your ISMS easier to implement and maintain.

You should also find it relatively easy to achieve certification to ISO 27001:2022 later, because your ISMS will already be based on the 2022 control set and only the SoA and supporting documentation will need to be realigned.

ISO 27001 resources

We have everything you need to transition your ISMS to conform to ISO 27001:2022.

Automate your transition

CyberComply

The CyberComply platform simplifies the transition to ISO 27001:2022 by automating your compliance activities. With it you can:

  • Identify risks by selecting assets, threats and vulnerabilities and apply controls to treat and manage them;
  • Create auditable logs of data privacy and security incidents, including affected assets, responsible users and estimated losses; and
  • Select relevant legislation and meet your legal, contractual and regulatory obligations in line with Clause 4.2 of ISO 27001.

Find out more

Gain the skills to transition

Certified ISO 27001:2022 ISMS Transition Training Course

Train with the ISO 27001 experts to understand the changes and new requirements in ISO 27001:2022.

Book now

Certified ISO 27001:2022 ISMS Foundation Training Course

Train with the ISO 27001 experts to get a comprehensive introduction to the features and benefits of ISO 27001:2022.

Book now

Certified ISO 27001:2022 ISMS Lead Implementer Training Course

Join our three-day masterclass to gain the essential knowledge and practical skills to implement ISO 27001:2022 effectively. This comprehensive course will equip you to protect your organisation’s sensitive information assets while maintaining conformity to the Standard.

Book now

Certified ISO 27001:2022 ISMS Lead Auditor Training Course

Designed to equip you with essential knowledge and practical skills, this comprehensive course will ensure you can confidently lead an audit of an ISMS in line with ISO 27001:2022.

Book now

Certified ISO 27001:2022 ISMS Internal Auditor Training Course

Learn how to drive continual improvement within your organisation’s ISMS, and find out how to identify opportunities for improvement and take corrective action to maintain conformity to ISO 27001:2022.

Book now

Get expert help

ISO 27001 Transition Gap Analysis

Our consultants will assess your ISMS against the requirements of ISO 27001:2022 and identify gaps and nonconformities, giving you a clear roadmap for improvement. We will also produce a revised risk treatment plan aligned with the updated Standard, so that you have a structured approach to strengthening your information security framework.

Download the service description

Enquire about this service

Free resources

Briefing: Unpacking your ISO 27001:2022 Transition Strategy

In this webinar, produced in association with Perry Johnson Registrars, IT Governance’s CEO Alan Calder explains how to transition your ISMS to conform to ISO 27001:2022.

Podcast

Steve Watkins is a renowned expert on ISO 27001. In this mini podcast, he discusses the 2022 edition of the Standard and his book, ISO/IEC 27001:2022 – An introduction to information security and the ISMS standard.

Green paper: ISO 27001 and ISO 27002 – Transitioning to the 2022 standards

If you’re transitioning your ISMS to conform to ISO 27001:2022, download this free paper and discover:

  • An overview of the key changes to both ISO 27001 and ISO 27002;
  • Explanations of the ISO 27002 attributes, and how to create and use views;
  • Explanations of the 11 new controls and 6 noteworthy merged controls in the 2022 set;
  • A transitioning checklist; and
  • Our concluding thoughts on the new standards.

Download now

Speak to an ISO 27001 expert

For more information about ISO 27001 and how we can help you implement an ISMS – whatever your size, budget or level of expertise – get in touch with one of our experts today.

Contact us
