


HOME >
News Room >
ISO/IEC 27001:2022 Information Security, cybersecurity and privacy protection – Information Security Management Systems – Requirements Transition Program
ISO/IEC 27001:2022 Information Security, cybersecurity and privacy protection – Information Security Management Systems – Requirements Transition Program
The International Organization for Standardization (ISO) has officially published ISO/IEC 27001:2022 Information Security, cybersecurity and privacy protection – Information Security Management Systems – Requirements on 25th October 2022. The transition deadline for all ISO/IEC 27001:2013 certified clients to ISO/IEC 27001:2022 is three (3) years by 31st October 2025. Therefore, as of 31st October 2022, ISO/IEC 27001:2013 standard shall cease.
ISO/IEC 27001:2022 Transition Timeline

When to transit?
The transition to ISO/IEC 27001:2022 could take place during 1st or 2nd surveillance audit, recertification or non-routine audits. Therefore, it is advisable for you to make the necessary preparation to transit to ISO/IEC 27001:2022 as soon as possible and to coincide with your upcoming surveillance or recertification audit.
ISO/IEC 27001:2022 key changes
- Changes to Annex A of ISO/IEC 27001:2013 to align with the updates of ISO/IEC 27002:2022 which was published in early 2022
- Changes to Annex A consist of changes to the number of controls and listing in the groups
- Number of controls has decreased from 114 to 93 as most of the controls have been merged or renamed
- The controls have been restructured into four control groups or sections:
- Organization controls
- People controls
- Physical controls
- Technological controls
- Addition of 11 new controls which consists of threat intelligence, information security for the use of cloud management, ICT readiness for business continuity, physical security monitoring, configuration management, information deletion, data masking, data leakage prevention, monitoring activities, web filtering and secure coding
- Additional new content added to clauses 4.2, 6.2, 6.3, 8.1 and 9.3
- Minor changes to some of the terminology and restructuring of the sentences and clauses