When was the update published?
On 25th October 2022, the final version of ISO/IEC 27001:2022 was published. The International Accreditation Forum (IAF) has agreed and set out its mandatory requirements to enable the swift and timely transition across to the new version of the standard. These requirements are set out within the IAF MD26 2.0 document.
What does this mean for our clients who hold certification?
There are some steps which you will have to follow to transfer your current ISO 27001 certification to the new ISO/IEC 27001:2022 standard:
- You will have until 31/10/2025 to complete the necessary updates to your ISMS and complete the transition across to the new standard. **It should be noted that as of 31/10/2025, all certificates to ISO 27001:2013/17 will no longer be valid.**
- Your certification body (British Assessment Bureau) will need to complete a transition assessment before 31/10/2025 prior to an updated certificate being issued. This assessment will focus on your business's compliance against the new requirements of the standard, with heavy emphasis on the changes to Annex A of the standard.
- You can transition at a surveillance audit, a recertification audit or a standalone assessment. Typically this will require additional audit time.
What does this mean if I am aiming to achieve certification in the near future?
Any new clients that become certified prior to British Assessment Bureau gaining their ISO/IEC 27001:2022 accreditation with its Regulator, UKAS, will be certified to either the 2013 or 2017 versions of the standard.
Where to get training on ISO/IEC 27001:2022.
To help clients with the transition process we will be organising webinars and developing training programmes. Sign up for our ISO/IEC 27001:2022 training or webinars by completing the form below.