ISO 27001: 2022 - UNDERSTANDING THE TRANSITION
ISO 27001 Information Security Management System sets a framework to manage and protect sensitive information, including financial information, personal data, and intellectual property, within your organisation. In October 2022, ISO released a new version of ISO 27001, thereby opening a cycle of recertification for many organisations. Here we set out everything you need to know about the transition, to make sure you remain certified to ISO 27001 after the end of the transition period.
What are the timings?
ISO 27001:2022 "Information security, cybersecurity and privacy protection — Information security management systems — Requirements" will replace ISO 27001:2013 via a three-year transition period, which ends in October 2025. Until that date, both versions of ISO 27001 remain valid. If you wish to remain certified to ISO 27001, you must transition to the 2022 revision before October 2025.
What do you need to do?
With the new standard now in place, we recommend that all future audits are completed to the requirements of ISO 27001:2022. This will ensure that your certificate is in place before the end of the transition period.
In order to do this, you should transition your management system to the new requirements of ISO 27001:2022, including any changes to documentation and evidence of any new or amended processes.
Once completed and to prepare for your Bureau Veritas transition audit, you should also conduct an internal audit and management review. Our certification specialists can help with transition gap analysis.
What has changed?
ISO 27001:2022 presents a simplified version of the required controls. The original 114 controls divided into 14 chapters are now reorganised into 93 controls divided over four chapters - organisational, people, physical and technological.
New focus points are now set on prevention, detection and reaction to cyberattacks, as well as data protection (in line with the NIST Cybersecurity Framework).
A number of other changes have been made throughout various requirements. Bureau Veritas can work with you to help identify and implement the changes.
How else can Bureau Veritas help?
We are here to guide you through the transition to ISO 27001:2022 and ultimately achieve certification to the revised standard. Our services include:
- Technical advice and guidance: Our ongoing programme of support, education and guidance begins with a free webinar from Bureau Veritas experts.
- Gap analysis: Identifying any gaps between your existing management system and the requirements of the revised ISO 27001 standard ahead of your transition audit.
- Transition audit: Your next audit should be completed to the requirements of the revised standard to ensure certification within the transition period.
- Training: Bureau Veritas offers a wide range of flexible training courses covering all aspects of certification.
Don’t forget, if you are certified to ISO 27001 with another provider, you can switch to Bureau Veritas using our fuss-free transition process to take advantage of benefits from a true global leader.