ISO/IEC 27001:2022 has been recently released.
Below is a transition timeline for existing certifications.
March 2024 – No new or recertification audits for ISO/IEC 27001:2013 (old version) will be conducted.
June 2025 – This is the deadline (drop-dead date) when companies need to be certified to the new standard.
September 2025 – All ISO/IEC 27001:2013 certificates will expire (regardless of when you were certified) and only the new version will be accepted.
Education and guidance for new clients is available upon request.
Contact us to discuss a certification or transition plan that works for you.
ISO/IEC 27001:2022 Information Security Management System (ISMS)
Is an internationally recognized and accepted standard for the organization’s information security management.
The standard requires the adoption of a risk-based approach to assessing your information security arrangements and ensures that security measures that are the right fit for your organization can be prioritized, implemented and managed accordingly.
Once in place, ISO/IEC 27001:2022 provides a robust management framework that enables an organization to effectively review and continually improve the management of its information security arrangements. Within the standard, Annex A consists of 93 Information Security ‘controls’, the applicability of each to your organization needs to be assessed. These controls determine the way in which you can effectively manage the security of your systems and information.
Information security is critical for both large and small organizations alike. An organization of any size has both legal obligations and organizational opportunities related to the use, storage and management of its data. ISO/IEC 27001:2022 recognizes that the risks posed to businesses in different industries and of different sizes will vary and the standard enables an organization to determine the level of risks within their own organization and to implement the controls necessary to them.
How will ISO/IEC 27001:2022 help my Organization?
At the most fundamental level it will give your clients and suppliers the confidence to trust your organization with the safekeeping of their data. It demonstrates corporate due diligence and shows compliance with regulatory and contractual requirements regarding data security, privacy and IT governance.
Compared to the other management standards, ISO/IEC 27001:2022 is not a one-off system. Regular audits ensure your organization continues to meet its obligations regarding data security and keeps your staff focused on the importance of complying with standards.
ISO/IEC 27001:2022 helps organizations to treat data security seriously, putting in systems and processes to guard against the risk of security breaches or misuse of data. It works with your organization and the kind of data it holds, whether that is bank account details, staff records, passwords, or client confidential information.