ISO 27001:2022 has been published

An update to the Information Security Standard ISO 27001 was published on 25th October 2022.  This means that if you are certified to ISO 27001: 2013 you will need to make changes to your information security management system (ISMS).  The International Accreditation Forum (IAF) has set out the mandatory requirements for transitioning from the 2013 to the 2022 version of the standard. This is detailed in the IAF MD26 document.

Transitioning to ISO 27001:2022

If you currently have certification to ISO 27001:2013, you will need to make the required changes by October 31st 2025.  After this date, all ISO 27001:2013 certificates will cease to be valid.

Once you have made the changes, you will need to contact the office to let us know you’d like to transition, as Isoqar Inc will need to conduct a transition audit to determine that your updated system meets the new requirements (including the changes to Annex A controls).

It is expected that (in line with IAF guidelines) additional audit time will be required for the transition audit.  You may transition at any stage during your certification cycle.  This can be at re-certification, surveillance or a standalone visit.

If you used a management consultant to help implement your information security management system, they should be able to support you through the changes.

How we can help

If you have any questions about the process, please feel free to contact us.

Skip to content