The new ISO27001:2022 — what now?

The new version of ISO27001 was published in autumn 2022. According to the specifications of the International Accreditation Forum (IAF), initial and re-certifications may only be carried out in accordance with ISO27001:2022 from 30 April 2024.

Transition period and conversion to ISO27001:2022

The transition period for the conversion of already certified information security management systems (ISMS) to the new standard ends on 31 October 2025. It can be assumed that from summer 2023 onwards, accredited certification bodies will have expanded their programmes to such an extent that audits according to the new ISO27001:2022 will be possible from autumn 2023 at the latest.

Changes and adaptations to the ISMS and its documentation

However, as is not uncommon with new versions, the changes in this one also require adjustments to the ISMS and its documentation. This applies in particular to the completely revised and restructured Annex A (resulting from the new ISO27002:2022). But there are also additions and adaptations in chapters 4 to 10 to be considered.

Consultancy and support in adapting the ISMS

We are happy to advise you on the adaptation of your existing ISMS. In addition to identifying the tasks resulting from the changes, we will also actively help you with the implementation, if required, in order to maintain conformity with the standard.

ISO27001 certification: advice and support on the way to compliance with the standard

If you are thinking about ISO27001 certification, we would be happy to offer you our advice and, if required, our active support on the way to a standard-compliant ISMS. This can include, in particular, the transfer of knowledge in workshops, but also the implementation of an internal audit as well as support in the creation of documents and the introduction of processes.

Further information can be found here.