9 December 2022

Transition to new version ISO 27001

The new version of ISO 27001 was published on 25 October 2022. A transition period of three years applies and certified organizations must therefore have switched to ISO 27001:2022 on  November 1st 2025. Below we have listed the most important information about the transition process.

 To enable certified organizations to make this transition as gradual and smooth as possible, Kiwa is currently preparing the accreditation expansion for ISO 27001:2022. The Accreditation Council (RvA) has to approve this extension, because it concerns a new version of the standard. This approval is expected on the 1st of February 2023 at the earliest, but no later than the 1st of June 2023.

Transition period

If the RvA accredits Kiwa for ISO 27001:2022 on the 1st of February 2023, certification against the new standard can be carried out from the 1st of March 2023. If Kiwa obtains this extension on the 1st of June 2022, it can certify against ISO 27001:2022 from the 1st of July 2022. The transition period for ISO 27001:2022 ends on the 1st of November 2025, so all ISO 27001-certified organizations must have made the transition to the 2022 version before then.

Timeline revision ISO 27001 and ISO 27002 - February 2023.png

Download the timeline ISO 27001:2022 (version 24 Feb 2023).

Integrated audit with NEN 7510

The standard NEN 7510 for information security in the Dutch healthcare sector is also on the eve of revision. So until that revision is published, a kind of parallel situation exists. During audits in which your organization is making (or has made) the transition, ISO 27001:2022 and NEN 7510-1_2017+A1_2020 will both be assessed.

More information

Kiwa is happy to think along with you about the optimal audit moment for your organization. If you have any questions about this, please contact Kiwa's Expert Center Cybersecurity via NL.cybersecurity@kiwa.com.