ISO 27001 : 2022 Transition

Transitioning to the updated Standard

Does your organisation already hold ISO 27001 certification and need support in transitioning to the updated ISO 27001:2022 standard? Our experienced information security consultants can help. 

Get a quote Other ISO Standards

Do we need to transition to 27001:2022?

In October 2022, ISO released a new version of ISO 27001. ISO 27001:2022  -“Information security, cybersecurity and privacy protection — Information security management systems — Requirements”, will replace ISO 27001:2013 via a three-year transition period, which ends in October 2025. Until that date, both versions of ISO 27001 remain valid. If you wish to remain certified to ISO 27001, you must transition to the 2022 revision before October 2025.  Some UKAS accredited certification bodies have advised that they will ask organisations to transition sooner (i.e. at the next recertification visit if the recertification visit is after 1st May 2024).

Contact us to find out more

What are the key changes to ISO 27001 2022?

Ensure accountability

Easier to understand

A number of controls have been updated with the objective of making them easier to understand.

Futureproof your organisation

New security controls

Eleven new security control requirements have been introduced into Annex A


Improved documentation

Annex A Restructured

Annex A Controls are now restructured in 4 sections (Organisational, People, Physical and Technological controls)

Our ISO 27001:2022 Transition Lifecycle

Gap analysis

Transition Checklist

We will provide awareness training in relation to the key changes in the standard as well as provision, review and update the Teamwork IMS ISO 27001:2022 transition checklist

Find out more



We help you update your ISMS documentation and provide  guidance to support the implementation of new or changed controls

Find out more


Pre-Audit Review

We will complete the assessment body checklist and support readiness reviews (where required by the certification body)

Find out more



We will attend and support your UKAS accredited assessment body transition assessment

Find out more

Why choose Teamwork IMS?

Experienced Professionals

Experienced Professionals

Since 2007, Teamwork has been solving compliance challenges for a huge range of organisations, from SMEs to large international corporates. Our team of professionals includes CISSP, PCI Security Standards Council QSA, MBCI, GDPR, IEMA, ESOS, NEBOSH and CMIOSH qualified consultants.

Multi-disciplinary team

Multi-disciplinary team

Our knowledge and experience across a broad base of management and technical Standards make us uniquely equipped to help organisations to develop an information security management system and integrate with existing management systems to achieve significant savings and efficiencies.

Part of your business

Part of your business

Our success has been firmly based on two key principles: the ability of Teamwork consultants to look beyond the standard in question and identify, define and align with the real business drivers of our customers, and our innate ability to become one with our customer’s own management teams.

Global credentials

Global credentials

We have developed and led UKAS-accredited ISO and other standards-based service improvement programmes for private and public-sector organisations across an international client base.

New Annex A Controls

  • A.5.7 Threat intelligence
  • A.5.23 Information security for the use of cloud services
  • A.5.30 ICT readiness for business continuity
  • A.7.4 Physical security monitoring
  • A.8.9 Configuration management
  • A.8.10 Information deletion
  • A.8.11 Data masking
  • A.8.12 Data leakage prevention
  • A.8.16 Monitoring activities
  • A.8.23 Web filtering
  • A.8.28 Secure coding

Related Standards

ISO 27001

ISO 27001

Assure customers that your organisation has effective Information Security controls in place



Data Protection and GDPR Consultancy.

ISO 27017

ISO 27017

Information security certification for cloud service providers.


Payment Card Industry Data Security Standard Consultancy and Assessment.

Frequently asked questions

What is the deadline for transition to ISO 27001:2022?

All organisations that wish to remain certified to ISO 27001 will have to transition to the 2022 version of the standard within the set transition period which ends on October 31,2025. Some UKAS accredited certification bodies have advised that they will ask organisations to transition sooner (i.e. at the next recertification visit if the recertification visit is after 1st May 2024).

How are certification bodies approaching transition audits?

The UKAS accredited certification bodies we frequently deal with have indicated that typically 1 day would be added onto an existing surveillance visit or recertification assessment. However, for larger complex and/or multi-site clients there may be additional days.

Some certification bodies will also require the completion of a gap analysis document or readiness review in advance of the assessment.

We practice what we preach

For a consultancy team who routinely manage compliance programs for other organisations, progressing through our own certification process is always a valuable reminder of how the experience feels and we think that this contributes towards our efficient but sympathetic approach to consulting for others.

View our certifications

Get in touch today


    Email address

    Phone number