ISO 27001:2022 Updates
ISO 27001:2022 has been published
An update to the Information Security Standard ISO 27001 was published on 25th October 2022. This means that if you are certified to ISO 27001:2013 you will need to make changes to your information security management system (ISMS). The International Accreditation Forum (IAF) has set out the mandatory requirements for transitioning from the 2013 to the 2022 version of the standard. These are detailed in the IAF MD26 document.
Transitioning to ISO 27001:2022
If you currently have certification to ISO 27001:2013, you will need to make the required changes by October 31st 2025. After this date, all ISO 27001:2013 certificates will cease to be valid.
Once you have made the changes, you will need to contact the office to let us know you’d like to transition, as Approachable Certification will need to conduct a transition audit to determine that your updated system meets the new requirements (including the changes to Annex A controls).
It is expected that (in line with IAF guidelines) additional audit time will be required for the transition audit. You may transition at any stage during your certification cycle. This can be at re-certification, surveillance or a standalone visit.
We can issue ISO 27001:2022 certificates once you transition; however, these will be non-UKAS until we’re granted accreditation by UKAS. We will then update certificates with the UKAS logo free of charge.
If you used a management consultant to help implement your information security management system, they should be able to support you through the changes.
How we can help
If you require some more help and guidance about the transition, we have an ISO 27001:2022 Transition Training Course that may be of interest.
If you have any questions about the process, please feel free to contact us.