In the ever-evolving landscape of information security threats, organisations worldwide committed to safeguarding their data must adapt. This ISO 27001:2022 transition guide explores the crucial role the international standard for Information Security Management Systems (ISMS), ISO 27001, plays in achieving this objective.
The release of the ISO 27001:2022 standard in October 2022 marked a significant step in addressing emerging security challenges, building upon its predecessor, ISO 27001:2013. This updated standard seamlessly incorporates the latest best practices, adapting to a world that has undergone profound changes in the last decade.
ISO 27001:2022 stands as the most current, internationally recognised standard, offering a robust framework for establishing, implementing, maintaining, and continually enhancing an ISMS.
Organisations presently certified under the 2013 standard, and aspiring to maintain ISO 27001 certification, must proactively prepare for the transition to the updated 2022 standard. To facilitate this transition, a three-year grace period was implemented in October 2022 upon the release of the new standard. By October 2025, this transition window will conclude, mandating all organisations currently on the 2013 standard to successfully migrate to the 2022 standard, or risk invalidating their ISO 27001 certification.
Notably, NQA, one of the UK’s certification bodies closely associated with Risk Evolves, provides a detailed timeline for this transition on their website, aiding their clients in achieving a seamless transition. While alternative certification bodies exist, NQA’s accreditation by UKAS (The National Accreditation Body for the United Kingdom) and its global recognition make it a preferred choice.
NQA's Detailed Transition Period Timeline
- After this date, all initial (new) certifications should be to the ISO 27001:2022 edition.
- After this date, all recertification audits are recommended to utilise the ISO 27001:2022 edition.
- Until this date, NQA will continue to accept applications for certification and issue new certificates against the ISO 27001:2013 standard.
- Transition period ends. Certificates for ISO/IEC 27001:2013 will no longer be valid after this date.
- All 2013 surveillance audits are valid until this date.
Having successfully navigated the transition in June 2023, Risk Evolves is ideally positioned to assist others. We don’t expect our clients to undergo a process that we haven’t already experienced ourselves. Explore our blog post for insights into our transition journey.
ISO 27001 has witnessed a substantial 24.7% increase in worldwide certification over the past two years, with this growth showing no signs of slowing down. This certification is applicable to organisations of all sizes and across all sectors. To discover how we can support your organisation through the ISO 27001:2022 transition, reach out to us today.