
ISO 27001:2022 Has Been Published

25 October 2022
On Tuesday 25th October 2022 ISO released the updated ISO 27001:2022 Information Security Standard. The International Accreditation Forum (IAF) have set out the mandatory requirements for transitioning to the new version of this standard. This is detailed in the document IAF MD 26.

What you need to know if you hold ISO 27001:2013 certification:

  1. You will have until October 31st 2025 to update your ISMS and transition your certification to ISO 27001:2022. After October 31st 2025 all ISO 27001:2013 certificates will cease to be valid.

  2. Your certification body will need to conduct a transition assessment within this time period and issue you an updated certificate.

  3. The transition assessment will determine whether you have updated your ISMS to the new requirements of ISO 27001:2022 including the changes to Annex A controls.

  4. You can transition at a surveillance audit, a recertification audit or a standalone assessment. Typically this will require additional audit time.

What is NQA doing?

  1. NQA is working on providing further specific guidance and support. We will be creating a focussed ISO 27001 transition section on our website and communicating with our certified customers in the coming days.

  2. We have released two new training courses to aid with the transition, detailed below.

  3. We will be preparing ourselves to conduct audits against ISO 27001:2022 and support our clients towards a smooth transition.

We will provide updates as more information becomes available. To stay up to date with the latest industry developments, follow us and sign up to our monthly newsletter.