Make the leap

Transition to ISO 27001:2022

Companies certified to ISO 27001:2013 need to update to the latest 2022 version by October 2025. We can help make the process simple with our ISO 27001 Transition Programme, which includes:

Awareness Training to get you up-to-date with al the latest changes

Implementation and Internal Auditing support to ensure you’re complying with ISO 27001:2022

Plus access to the isologyhub where you can find further training and templates to enhance your ISO Management System

Sign up before October 1st 2023 and get a free copy of ISO 27001:2022!

Things are changing –
we’re here to guide you

Your ISO 27001:2013 certification will only have a few more years to run before it
becomes invalid. If you want to retain your ISO 27001 certification then you will need
to transition to the 2022 version within 2 years of it’s publication.

If you miss the transition period then you will have to reapply for certification by
completing a Stage 1 and 2 Assessment, which can be costly.

Our ISO 27001 Transition Programme includes:-

Awareness – 1 hour video to include:

What’s new?
What do we need to update/add?
Breakdown of the 4 critical areas (Technological, Organisational, People and Physical)

Transition Action Plan for implementation (1 day)

ISO 27001:2022 Implementation support (3 days)

ISO 27001:2022 Internal audit support (1 day)

External Certification Body assessment support
(2 days)

Why transition to ISO 27001:2022?

As well as retaining your certified status, there are many other benefits to transition to ISO 27001:2022, those include;

Keep up-to-date with the latest cyber security controls

Enable links to other security frameworks such as cyber essentials and NIST

Easier integration with other ISO 27000 Standards, such as ISO 27017 (Cloud Security) and ISO 27701 (Privacy Information Security)

A chance to re-visit and revamp your Management System

ISO 27001: 2022 Guide to the Changes

Get access to our free ‘ISO 27001: 2022 Guide to the Changes’ here:

Listen to our Podcast

Welcome to the ISO Show podcast, dispelling myths and sharing tips for success to improve your business with ISO Standards. Join us to hear interviews with successful business leaders as they share their ISO journey with you.

Get top tips via audio master classes “ISO Steps to Success” on the most popular ISO Standards.

211 The Power of Communicating your management system

210 What is the EU Green Claims Directive

209 Introducing the Anti-Greenwash Charter

208 The pros and cons of sustainability standards

FAQ

Who is ISO 27001 transition applicable to?

Anyone who is currently certified under ISO 27001:2013 will have to transition to the updated Standard. Those who are just started or are planning to Implement ISO 27001 should Implement the latest version of the Standard.

When do I need to transition to ISO 27001:2022 by?

The deadline for ISO 27001:2022 transition is October 2025. Though that may seem a way off, we recommend that you begin the process now to stay ahead. Certification Bodies will undoubtedly have a large demand for transition audits in 2025, and you may struggle to get booked in time.

What will happen if I don’t transition to ISO 27001:2022?

If you do not transition by October 2025, you will lose your ISO 27001 certification. You will then be required to go through another Stage 1 and 2 Assessment against the latest version of ISO 27001 as certification bodies will cease to certify against the 2013 version beyond 2025.

What do I need to do to transition to ISO 27001:2022?

Firstly, we recommend purchasing a copy of the Standard so you can understand the changes required.

Next you will need to conduct a Gap Analysis against the 2022 version of the Standard to see where your current system does and does not comply with the Standard. From there you will need to update your Policies, Procedures and Statement of Applicability in-line with the 2022 version of the Standard and ensure you put controls in place to cover any gaps discovered from the Gap Analysis.

You will also need to update your Internal Audit schedule and audit against the changes in ISO 27001:2022. We would also recommend updating your Management Review Agenda to Include a section on ISO 27001 changes and how you plan to communicate these to the wider business.

Lastly, you will need to have a transition visit from your Certification Body to verify you are fully compliant with ISO 27001:2022.

If you would like some help with your transition – we have a full ISO 27001 Transition Programme available to make the process go smoothly.

How long will it take to transition to ISO 27001:2022?

Our Transition Programme recommends 5-7 days over the span of 4-6 months to go through the whole process.

Please note that many Certification Bodies will not be in a position to certify against ISO 27001:2022 until October 2023.

How do I arrange a transition to ISO 27001:2022 visit with my Certification Body?

You can contact your Certification Body directly to discuss when you may be able to conduct the transition visit. If your annual Surveillance visit is towards the later half of 2023, you may wish to combine them to save on costs.

Currently, Certification Bodies are predicting an additional half-day for this, but this may vary for each CB.