Home Resources News

ISO 27001:2022 Has Been Published

25 October 2022
On Tuesday 25th October 2022 ISO released the updated ISO 27001:2022 Information Security Standard. The International Accreditation Forum (IAF) have set out the mandatory requirements for transitioning to the new version of this standard. This is detailed in the document IAF MD 26.

What you need to know if you hold ISO 27001:2013 certification:

  1. You will have until October 31st 2025 to update your ISMS and transition your certification to ISO 27001:2022. After October 31st 2025 all ISO 27001:2013 certificates will cease to be valid.

  2. Your certification body will need to conduct a transition assessment within this time period and issue you an updated certificate.

  3. The transition assessment will determine whether you have updated your ISMS to the new requirements of ISO 27001:2022 including the changes to Annex A controls.

  4. You can transition at a surveillance audit, a recertification audit or a stand alone assessment. Typically this will require additional audit time.

What is NQA is doing?

  1. NQA is working on providing further specific guidance and support. We will be creating a focussed ISO 27001 transition section on our website and communicating with our certified customers in the coming days.

  2. We have released two new training courses to aid with the transition, detailed below

  3. We will be preparing ourselves to conduct audits against ISO 27001:2022 and support our clients towards a smooth transition.

We will provide updates as more information becomes available. To stay up to date with the latest industry developments, follow us on sign up to our monthly newsletter here.

Training Courses

With the release of the ISO 27001:2022 Information Security Standard update NQA have introduced two new Training courses designed to help you navigate the changes to the standard and apply them to your current management system.

1) ISO 27001:2022 Transition Course (Tutor led)

Duration: 1 Day
Level: 1 (Introduction)

Develop an understanding of changes to the ISO 27001:2022 standard, including the changes to the Annex A controls from ISO 27002:2021. This training will include details about the transition process including information on key areas which will need to be updated prior to any transition audits.

This course is beneficial to those companies looking to transition from ISO 27001:2013 to ISO 27001:2022 and also organisations who may have an unaccredited Information Security management system and are looking to work towards accreditation with the up-to-date information on the standard.

This course aims to provide an understanding of the changes to the ISO 27001:2022 standard including the changes to the Annex A controls from ISO 27002:2021. This one day course will also go through changes required to the Statement of Applicability and Risk Register for a successful transition to the new version of the standard.

This course is aimed at:

  • Senior managers and/or professionals from all types of organisations requiring to understand the changes of ISO 27001:2022

  • Managers and staff, from all functions, who are or will be involved in preparing an information security management system ready for transition, as well as consultants and auditors.


2) ISO 27001:2022 E-Learning

Duration: 1/4 Day
Level: 1 (Introduction)

ISO 27001:2022 was released on 25th October 2022 following the update to ISO 27002:2021 last year. This E-Learning guides learners through the changes in both documents and gives a basic understanding to support organisations who already have an existing Information Security Management System who plan to transition to the new version of this standard.

It will also suit organisations who are new to ISO 27001 and want more information on the changes to make sure their system is ready for certification.

This E-Learning provides an overview of changes including changes in controls in Annex A and what changes you are going to need to make to your management system.

This course is a great starting point to support your transition

This course is aimed at:

  • Anyone who wishes to understand the changes in ISO 27001:2022