The new ISO/IEC 27001:2022 – Transition process

ISO/IEC 27001:2022 was published on October 25th 2022. The standard specifies the requirements for establishing, implementing, maintaining and improving an information security management system (ISMS).

The changes are mainly in Annex A, where security controls have been added, eliminated or merged.

The transition period is set at 3 years from publication. Valid certificates issued against the 2013 version shall therefore be transferred to the new 2022 version before November 2025. Audits for new certifications and renewals, on the other hand, shall be carried out in compliance with the new standard as of May 2024.

For further details or information, SIET is fully available to answer your questions and to support your certification process.