In October 2022, the International Organization for Standardization (ISO) published a revised edition of the standard, ISO/IEC 27001:2022. Widely recognized as the leading international standard for information security, ISO 27001 specifies the requirements for establishing, operating and continually improving an Information Security Management System (ISMS).
The most substantial change in ISO/IEC 27001:2022 is in Annex A, which has been restructured to match the information security controls in ISO/IEC 27002:2022: the 114 controls in 14 domains of the 2013 edition have been consolidated into 93 controls grouped under four themes (organizational, people, physical and technological), including 11 new controls. By contrast, the changes to clauses 4-10 are mainly editorial and improve alignment with other ISO management system standards.
Companies certified under ISO 27001:2013 have a transition deadline of October 31, 2025, to adapt to the updated revision. To navigate this change efficiently, our specialists suggest the following steps:
Gap Analysis: Engage our experts for a comprehensive gap/readiness assessment. This compares your existing controls and Statement of Applicability against the updated standard and pinpoints the adjustments needed to achieve certification against the new version.
Roll-out of New Controls in 2023: After the assessment, focus your efforts during 2023 on implementing the new and restructured Annex A controls and updating the ISMS documentation that refers to them.
Initiate a Fresh Audit: With proactive and thorough preparation in 2023, you should be in a position to undergo an audit against the new standard by the end of that year. This puts you well ahead of ISO's transition deadline of October 31, 2025.