
ISO 27001:2022 Update

12 August 2022
In anticipation of the release of ISO 27001:2022 later this year, the International Accreditation Forum (IAF) have set out the mandatory requirements for transitioning to the new version of this standard. This is detailed in the document IAF MD 26.

What you need to know if you hold ISO 27001:2013 certification:

  1. You will have 36 months from the release of ISO 27001:2022 to update your ISMS and transition your certification. After 36 months all ISO 27001:2013 certificates will expire or be withdrawn.

  2. Your certification body will need to conduct a transition assessment within this time period and issue you an updated certificate.

  3. The transition assessment will determine whether you have updated your ISMS to the new requirements of ISO 27001:2022, including the significant changes to Annex A controls.

  4. You can transition at a surveillance audit, a recertification audit or a standalone assessment. Typically this will require additional audit time.

  5. No new certificates for ISO 27001:2013 can be issued after 12 months from the release of ISO 27001:2022.

What NQA is doing:

  1. NQA is working on providing further specific guidance and support. We will be creating a focussed ISO 27001 transition section on our website and communicating with our certified customers.

  2. We will shortly release training courses to support clients in transitioning their ISMS.

  3. We will be preparing ourselves to conduct audits against ISO 27001:2022 and support our clients towards a smooth transition.

We will provide updates as more information becomes available. To stay up to date with the latest industry developments, sign up to our monthly newsletter here.