Do we need to transition to 27001:2022?
In October 2022, ISO released a new version of ISO 27001. ISO 27001:2022, “Information security, cybersecurity and privacy protection — Information security management systems — Requirements”, will replace ISO 27001:2013 via a three-year transition period, which ends in October 2025. Until that date, both versions of ISO 27001 remain valid. If you wish to remain certified to ISO 27001, you must transition to the 2022 revision before October 2025. Some UKAS accredited certification bodies have advised that they will ask organisations to transition sooner (i.e. at the next recertification visit if that visit is after 1st May 2024).
What are the key changes in ISO 27001:2022?
Easier to understand
A number of controls have been updated with the objective of making them easier to understand.
New security controls
Eleven new security control requirements have been introduced into Annex A.
Annex A Restructured
Annex A controls are now restructured into 4 sections (Organisational, People, Physical and Technological controls).
Our ISO 27001:2022 Transition Lifecycle
We will provide awareness training on the key changes in the standard, and we will provide, review and update the Teamwork IMS ISO 27001:2022 transition checklist.
We help you update your ISMS documentation and provide guidance to support the implementation of new or changed controls.
We will complete the assessment body checklist and support readiness reviews (where required by the certification body).
We will attend and support your UKAS accredited assessment body's transition assessment.
Why choose Teamwork IMS?
Since 2007, Teamwork has been solving compliance challenges for a huge range of organisations, from SMEs to large international corporates. Our team of professionals includes CISSP, PCI Security Standards Council QSA, MBCI, GDPR, IEMA, ESOS, NEBOSH and CMIOSH qualified consultants.
Our knowledge and experience across a broad base of management and technical Standards make us uniquely equipped to help organisations to develop an information security management system and integrate with existing management systems to achieve significant savings and efficiencies.
Part of your business
Our success has been firmly based on two key principles: the ability of Teamwork consultants to look beyond the standard in question and identify, define and align with the real business drivers of our customers, and our ability to work as part of our customers' own management teams.
We have developed and led UKAS-accredited ISO and other standards-based service improvement programmes for private and public-sector organisations across an international client base.
New Annex A Controls
- A.5.7 Threat intelligence
- A.5.23 Information security for the use of cloud services
- A.5.30 ICT readiness for business continuity
- A.7.4 Physical security monitoring
- A.8.9 Configuration management
- A.8.10 Information deletion
- A.8.11 Data masking
- A.8.12 Data leakage prevention
- A.8.16 Monitoring activities
- A.8.23 Web filtering
- A.8.28 Secure coding
Frequently asked questions
All organisations that wish to remain certified to ISO 27001 will have to transition to the 2022 version of the standard within the set transition period, which ends on October 31, 2025. Some UKAS accredited certification bodies have advised that they will ask organisations to transition sooner (i.e. at the next recertification visit if that visit is after 1st May 2024).
The UKAS accredited certification bodies we frequently deal with have indicated that typically 1 day would be added to an existing surveillance visit or recertification assessment. However, for larger, complex and/or multi-site clients there may be additional days.
Some certification bodies will also require the completion of a gap analysis document or readiness review in advance of the assessment.
For a consultancy team that routinely manages compliance programmes for other organisations, progressing through our own certification process is always a valuable reminder of how the experience feels, and we think that this contributes to our efficient but sympathetic approach to consulting for others.