ISO 27001:2022 Transition

Transitioning to the updated Standard

Do we need to transition to 27001:2022?

In October 2022, ISO released a new version of ISO 27001. ISO 27001:2022, “Information security, cybersecurity and privacy protection — Information security management systems — Requirements”, replaces ISO 27001:2013 through a three-year transition period that ends in October 2025. Until that date, both versions of ISO 27001 remain valid. If you wish to remain certified to ISO 27001, you must transition to the 2022 revision before October 2025. Some UKAS accredited certification bodies have advised that they will ask organisations to transition sooner (i.e. at the next recertification visit, if that visit falls after 1st May 2024).


What are the key changes in ISO 27001:2022?

Ensure accountability

Easier to understand

A number of controls have been updated with the objective of making them easier to understand.

Futureproof your organisation

New security controls

Eleven new security control requirements have been introduced into Annex A.

Improved documentation

Annex A Restructured

Annex A controls are now restructured into four sections (Organisational, People, Physical and Technological controls).

Our ISO 27001:2022 Transition Lifecycle

Gap analysis

Transition Checklist

We will provide awareness training on the key changes in the Standard, and will provide, review and update the Teamwork IMS ISO 27001:2022 transition checklist.

Implement

Implementation

We help you update your ISMS documentation and provide guidance to support the implementation of new or changed controls.

Certification

Pre-Audit Review

We will complete the assessment body checklist and support readiness reviews (where required by the certification body).

Improvement

Assessment

We will attend and support your UKAS accredited assessment body's transition assessment.

Why choose Teamwork IMS?

Experienced Professionals

Teamwork IMS is a leading provider of Compliance and Sustainability solutions to a wide range of business sectors worldwide. Our solutions support compliance, expedite ISO certification, promote sustainability and drive improvement initiatives. Our team of professionals includes MBCI, GDPR, ISEP, ESOS and ISO Lead Assessor, CMIOSH, CISSP and PCI Security Standards Council QSA qualified consultants.

Multi-disciplinary team


Our knowledge and experience across a broad base of management and technical Standards make us uniquely equipped to help organisations to develop an information security management system and integrate with existing management systems to achieve significant savings and efficiencies.

Part of your business


The continued success of both the project delivery and maintenance phases of our Compliance and Sustainability programmes is built on two key principles:

– The exceptional insight of our consultants, who consistently go beyond the Standards and services to identify, define and align with the core business drivers that truly matter to our clients.

– Our unique ability to integrate effortlessly with our clients’ teams, fostering collaboration and trust, and becoming a valued extension of their operations.

Global credentials

We have developed and led IAF national-accredited ISO programmes, as well as other Standard- and compliance-based service improvement programmes, for private and public-sector organisations across an international client base.

New Annex A Controls

  • A.5.7 Threat intelligence
  • A.5.23 Information security for the use of cloud services
  • A.5.30 ICT readiness for business continuity
  • A.7.4 Physical security monitoring
  • A.8.9 Configuration management
  • A.8.10 Information deletion
  • A.8.11 Data masking
  • A.8.12 Data leakage prevention
  • A.8.16 Monitoring activities
  • A.8.23 Web filtering
  • A.8.28 Secure coding

Related Standards

ISO 27001


Assure customers that your organisation has effective Information Security controls in place

GDPR


Data Protection and GDPR Consultancy.

ISO 27017


Information security certification for cloud service providers.

PCI DSS & QSA

Payment Card Industry Data Security Standard Consultancy and Assessment.

Frequently asked questions

What is the deadline for transition to ISO 27001:2022?

All organisations that wish to remain certified to ISO 27001 will have to transition to the 2022 version of the Standard within the set transition period, which ends on October 31, 2025. Some UKAS accredited certification bodies have advised that they will ask organisations to transition sooner (i.e. at the next recertification visit, if that visit falls after 1st May 2024).

How are certification bodies approaching transition audits?

The UKAS accredited certification bodies we frequently deal with have indicated that typically one day would be added to an existing surveillance visit or recertification assessment. However, for larger, more complex and/or multi-site clients there may be additional days.

Some certification bodies will also require the completion of a gap analysis document or readiness review in advance of the assessment.

We practice what we preach

For a consultancy team that routinely manages compliance programmes for other organisations, progressing through our own certification process is always a valuable reminder of how the experience feels, and we think this contributes to our efficient but sympathetic approach to consulting for others.
