24 February 2023

In 7 steps towards ISO 27001:2022

ISO 27001, the globally recognized standard for information security, underwent an update. The revised standard ISO 27001:2022 was published on 25 October 2022 and contains several technical corrections and a completely revised Annex A. A transition period of three years applies to the renewed standard, which means that certified organizations must have transitioned by November 1st 2025 at the latest. Below are the seven necessary steps before executing the transition audit.

When can you make the transition to ISO 27001:2022?

In response to an update from the International Accreditation Forum:

  • During recertification
    In contrast to earlier reports, half a day of extra audit time will be charged.
  • During the annual follow-up or control audit
    Kiwa will schedule and charge an extra day for this, as well as the cost of a new certificate.

If you want to make the transition, please notify us as soon as possible (preferably four months before the audit). Our planning department will make additional arrangements with you.

What does the transition period look like?

When a standard is revised, a transition period is established. A transition period of three years is maintained for this update. Within this period, all certificate holders must comply with ISO 27001:2022. Below is the timeline for this transition period:

[Figure: Timeline revision ISO 27001 and ISO 27002]

Download the timeline ISO 27001:2022 (version 28 June 2024).

In short:

  • From 1 March 2023, Kiwa can conduct audits according to ISO 27001:2022
  • The transition period for ISO 27001:2022 ends on November 1st 2025
  • Until May 1st 2024, Kiwa can conduct initial audits and recertifications against ISO 27001:2017; after this date, these types of audits will be conducted against ISO 27001:2022
  • Follow-up or surveillance audits can be conducted against ISO 27001:2017 until November 1st 2025