ISO 27001:2022 – One Year On

31 Oct, 2023

What is ISO 27001:2022?

In October 2022, ISO 27001:2013 Information Security was revised to ISO 27001:2022 Information Security, Cybersecurity and Privacy Protection. As you can see by the name change, ISO 27001 has evolved to reflect today’s digital landscape, focusing on the relationship between information security, cybersecurity, and privacy. This adaption became imperative following the pandemic, where technology adoption accelerated, resulting in a rise in cybercrime.

In response to its release, our ISO 27001 experts began implementing changes, and just six months later, we began transitioning our first clients to ISO 27001:2022. During the first six months, 100% of clients who have had a re-certification audit to ISO 27001:2022 have successfully upgraded.

Key Changes in ISO 27001:2022

While there have been several changes to the Standard, most are minor. The most notable changes relate to Annex A, which has aligned to ISO 27002 following its update earlier the same year. This has seen significant changes to the number of controls and their groups.  You can find full details here.  

For an in-depth understanding of these changes, we invite you to join our monthly ISO 27001 Upgrade Seminar.  Check out our upcoming dates here.

When should we implement ISO 27001:2022?

You have until 31st October 2025 to transition to ISO 27001:2022, but we strongly recommend starting as soon as possible. Early adoption ensures ample time to reach compliance and ensures you’re working with best practices in today’s digital world.  

If you hold an ISO 27001:2013 certificate with ISO QSL, we will begin the transition process during your annual support visit. By April 2024, we anticipate that 70% of our clients will have transitioned to ISO 27001:2022. If you have concerns about the process, you can rest assured we will provide all the support you need.  

Here’s what Global Language Services Limited said about their experience in a recent Google Review: “It was a pleasure working with Julia, who is an experienced and very knowledgeable auditor. She provided us with additional, valuable information that will help with the smooth transition to the new ISO 27001:2022 standard.”

What happens if I don’t upgrade?

Failure to achieve ISO 27001:2022 before 31st October 2025 will result in loss of certification. It is therefore crucial to begin the transition process promptly to maintain your certification status.

How to transition to ISO 27001:2022?

We’ll help you kickstart the transition process with a GAP analysis to identify what adjustments are needed to comply with ISO 27001:2022. Following this analysis, you can begin the upgrade process. During this stage, our dedicated team will provide you with access to resources such as templates, and they’ll be on hand to answer any questions. Once completed, you will be ready to certify to ISO 27001:2022.  
  
To support you, we recommend attending an ISO 27001 training session. These differ from the upgrade seminars and provide a detailed understanding of each Clause.  Discover upcoming dates here.  

Don’t have a certificate with ISO QSL? We can still help!

We extend the same level of support to those looking to upgrade to ISO 27001:2022, even when not an existing client.  Learn more about our consultancy services here or speak to our team on 0330 058 5551 to discuss your requirements in more detail.  

Considering ISO 27001 for the first time?

There’s no better time to embark on your ISO 27001 journey. We are already supporting organisations like yours through the process. Simply call our team today on 0330 058 5551 to find out how we can help, or request a free, no-obligation quote here.