When must I transition to ISO 27001:2022?
Organisations that have already certified their ISMS (information security management system) to ISO 27001:2013 have until 31 October 2025 to conform to ISO 27001:2022.
However, according to the IAF’s (International Accreditation Forum) revised guidance document, certification bodies must stop offering (re)certification to the 2013 edition of the Standard by 30 April 2024, so there may be less time to conform to ISO 27001:2022 than you thought.
Moreover, even if your organisation’s ISMS is recertified to ISO 27001:2013 by 30 April 2024, that certificate will expire on 31 October 2025 – even if it has been in place for less than three years (the normal duration of an ISO management system certificate).
We therefore advise you start adopting the 2022 Standard as soon as you can.
Should I wait to start my ISO 27001:2022 project?
Organisations should already be able to achieve certification to ISO 27001:2022.
If you intend to recertify against ISO 27001:2013, which should still be possible until 29 April 2024, you could still work against the 2022 control set. ISO 27002:2022 has an annex that compares its controls with the 2013 iteration of the Standard, so this should be relatively straightforward.
However, you will still need to compare these with the 2013 Annex A controls in your SoA (Statement of Applicability) if you are recertifying to ISO 27001:2013.
One advantage of implementing the new controls is that the new ISO 27002 is much more comprehensive and provides clearer guidance on control selection and implementation than the 2013 iteration did, thereby making your ISMS easier to implement and manage.
You should also find it relatively easy to achieve certification to ISO 27001:2022 later because your ISMS will already be based on the 2022 control set.
ISO 27001 resources
We have everything you need to transition your ISMS to conform to ISO 27001:2022.
Automate your transition
Gain the skills to transition
Get expert help
Free resources
Automate your transition
CyberComply
The CyberComply platform simplifies the transition to ISO 27001:2022, automating your compliance needs. Here you’ll be able to:
- Identify risks by selecting assets, threats and vulnerabilities and apply controls to treat and manage them;
- Create auditable logs of data privacy and security incidents, including affected assets, responsible users and estimated losses; and
- Select relevant legislation and meet your legal, contractual and regulatory obligations in line with Clause 4.2 of ISO 27001.
Find out more
Gain the skills to transition
Certified ISO 27001:2022 ISMS Transition Training Course
Train with the ISO 27001 experts to understand the changes and new requirements in ISO 27001:2022.
Book now
Certified ISO 27001:2022 ISMS Foundation Training Course
Train with the ISO 27001 experts to get a comprehensive introduction to the features and benefits of ISO 27001:2022.
Book now
Certified ISO 27001:2022 ISMS Lead Implementer Training Course
Join our three-day masterclass to gain the essential knowledge and practical skills to effectively implement ISO 27001:2022. This comprehensive course will empower you to confidently protect your organisation’s sensitive information assets, while ensuring compliance.
Book now
Certified ISO 27001:2022 ISMS Lead Auditor Training Course
Designed to equip you with essential knowledge and practical skills, this comprehensive course will ensure you can confidently lead an audit of an ISMS in line with ISO 27001:2022.
Book now
Certified ISO 27001:2022 ISMS Internal Auditor Training Course
Learn how to drive continual improvement within your organisation’s ISMS, and find out how to identify opportunities for improvement and take corrective action to maintain conformity to ISO 27001:2022.
Book now
Get expert help
ISO 27001 Transition Gap Analysis
Our consultants will assess your ISMS against the requirements of ISO 27001:2022, and identify gaps and nonconformities to provide you with a clear roadmap for improvement. We’ll create a revised risk treatment plan, aligned with the updated Standard, offering a strategic approach to strengthen your information security framework.
Download the service description
Enquire about this service
Free resources
Briefing: Unpacking your ISO 27001:2022 Transition Strategy
In this webinar, produced in association with Perry Johnson Registrars, IT Governance’s CEO Alan Calder explains how to transition your ISMS to conform to ISO 27001:2022.
Green paper: ISO 27001 and ISO 27002 – Transitioning to the 2022 standards
If you’re transitioning your ISMS to conform to ISO 27001:2022, download this free paper and discover:
- An overview of the key changes to both ISO 27001 and ISO 27002;
- Explanations of the ISO 27002 attributes, and how to create and use views;
- Explanations of the 11 new controls and 6 noteworthy merged controls in the 2022 set;
- A transitioning checklist; and
- Our concluding thoughts on the new standards.
Download now
Speak to an ISO 27001 expert
For more information about ISO 27001 and how we can help you implement an ISMS – whatever your size, budget or level of expertise – get in touch with one of our experts today.
Contact us