In 2022, both ISO/IEC 27001 and 27002 were updated.
This post provides some hints and references on how to transition from ISO/IEC 27001:2013 with Cor 1/2014 and Cor/2015 to ISO/IEC 27001:2022.
FAQs about transitioning to ISO/IEC 27001:2022
How many controls does 27001:2022 have?
Version 27001:2022 annex 1 contains 93 controls, divided into 4 chapters.
My organization is certified in 27001:2013. When do I need to adapt to 27001:2022?
The International Accreditation Forum (IAF) has released a document, classified as a Mandatory Document (MD), coded IAF MD26:2022 and titled “Transition Requirements for ISO/IEC 27001:2022”.
This document states that organizations must adapt their ISMS within a maximum of 36 months, that is, before 2025-10-31.
I already started 27001:2013 certification. What is the deadline to be certified to the older version?
Organizations can be certified on the previous version 27001:2013 until 2024-03-30.
After this date, they will only be able to certify to the ISO/IEC 27001 version in force.
The initial deadline was 2023-10-31, but it was updated.
External references
- PECB; “ISO/IEC 27001 – What are the main changes in 2022”, PECB, 2022-10-25
- Instant 27001; “ISO 27001:2022 update”, Instant 27001
- PECB; Webinar “ISO/IEC 27001:2022 – What are the changes? (video)”, PECB, 2022-10
- NQA; “ISO 27001:2022 Transition Guidance for Clients”, NQA
- Matthew J. Schiavone; “ISO 27001/27002: What you need to know”, Cherry Bekaert