Sign up before April 1st 2023 and get a free copy of ISO 27001:2022!
Things are changing – we’re here to guide you
Your ISO 27001:2013 certification will only have a few more years to run before it
becomes invalid. If you want to retain your ISO 27001 certification then you will need
to transition to the 2022 version within 2 years of its publication.
If you miss the transition period then you will have to reapply for certification by
completing a Stage 1 and 2 Assessment, which can be costly.
Our ISO 27001 Transition Programme includes:
Awareness – 1 hour video to include:
What do we need to update/add?
Breakdown of the 4 critical areas (Technological, Organisational, People and Physical)
Transition Action Plan for implementation (1 day)
ISO 27001:2022 Implementation support (3 days)
ISO 27001:2022 Internal audit support (1 day)
External Certification Body assessment support
Why transition to ISO 27001:2022?
As well as retaining your certified status, there are many other benefits to transitioning to ISO 27001:2022. These include:
ISO 27001:2022 Guide to the Changes
Get access to our free ‘ISO 27001:2022 Guide to the Changes’ here:
Anyone who is currently certified under ISO 27001:2013 will have to transition to the updated Standard. Those who have just started or are planning to implement ISO 27001 should implement the latest version of the Standard.
The deadline for ISO 27001:2022 transition is October 2025. Though that may seem a way off, we recommend that you begin the process now to stay ahead. Certification Bodies will undoubtedly have a large demand for transition audits in 2025, and you may struggle to get booked in time.
If you do not transition by October 2025, you will lose your ISO 27001 certification. You will then be required to go through another Stage 1 and 2 Assessment against the latest version of ISO 27001 as certification bodies will cease to certify against the 2013 version beyond 2025.
Firstly, we recommend purchasing a copy of the Standard so you can understand the changes required.
Next, you will need to conduct a Gap Analysis against the 2022 version of the Standard to see where your current system does and does not comply with the Standard. From there you will need to update your Policies, Procedures and Statement of Applicability in line with the 2022 version of the Standard and ensure you put controls in place to cover any gaps discovered from the Gap Analysis.
You will also need to update your Internal Audit schedule and audit against the changes in ISO 27001:2022. We would also recommend updating your Management Review Agenda to include a section on ISO 27001 changes and how you plan to communicate these to the wider business.
Lastly, you will need to have a transition visit from your Certification Body to verify you are fully compliant with ISO 27001:2022.
If you would like some help with your transition – we have a full ISO 27001 Transition Programme available to make the process go smoothly.
Our Transition Programme recommends 5-7 days over the span of 4-6 months to go through the whole process.
Please note that many Certification Bodies will not be in a position to certify against ISO 27001:2022 until October 2023.
You can contact your Certification Body directly to discuss when you may be able to conduct the transition visit. If your annual Surveillance visit is towards the latter half of 2023, you may wish to combine them to save on costs.
Currently, Certification Bodies are predicting an additional half-day for this, but this may vary for each CB.