Management Systems Certification

Product Certification

CSA SG Cyber Safe Trustmark & Essentials Mark

Certified Companies

Training

ISO 9001:2015 (Quality Management System)

ISO 14001:2015 (Environmental Management System)

ISO 45001:2018 Occupational Safety & Health Management System

bizSAFE Level 1 & 2 courses

GDPMDS / SS 620:2016 (Good Distribution Practice for Medical Devices in Singapore)

SS 651:2019 Safety and Health Management System for Chemical Industry

IMS, Integrated Management System

ISO 22000:2018, Food Safety Management System

SS 444 Hazard Analysis and Critical Control Point (HACCP)

SS 590:2013 (HACCP-Based) Food Safety & Internal Auditor Training

ISO 22301:2019 (Business Continuity Management System)

ISO 29993:2017 Learning Service outside Formal Education - Service Requirements

ISO 41001:2018 Facility Management System (FSMS)

ISO 46001: 2019 Water Efficiency Management System

ISO 50001:2018 Energy Management System

ISO 55001:2014 Asset Management System

ISO 37001: 2016 Anti-Bribery Management Systems

ISO 27001:2013 Information Security Management System

SS584:2020 Multi-Tiered Cloud Computing Security Management System

SS 632:2017 Organic Primary Produce Internal Auditor

SS 668:2020 Cold Chain Management of Chilled & Frozen Foods

HOME > News Room > ISO/IEC 27001:2022 Information Security, cybersecurity and privacy protection – Information Security Management Systems – Requirements Transition Program

ISO/IEC 27001:2022 Information Security, cybersecurity and privacy protection – Information Security Management Systems – Requirements Transition Program

The International Organization for Standardization (ISO) has officially published ISO/IEC 27001:2022 Information Security, cybersecurity and privacy protection – Information Security Management Systems – Requirements on 25th October 2022. The transition deadline for all ISO/IEC 27001:2013 certified clients to ISO/IEC 27001:2022 is three (3) years by 31st October 2025. Therefore, as of 31st October 2022, ISO/IEC 27001:2013 standard shall cease.

ISO/IEC 27001:2022 Transition Timeline

When to transit?
The transition to ISO/IEC 27001:2022 could take place during 1st or 2nd surveillance audit, recertification or non-routine audits. Therefore, it is advisable for you to make the necessary preparation to transit to ISO/IEC 27001:2022 as soon as possible and to coincide with your upcoming surveillance or recertification audit.

ISO/IEC 27001:2022 key changes

Changes to Annex A of ISO/IEC 27001:2013 to align with the updates of ISO/IEC 27002:2022 which was published in early 2022
Changes to Annex A consist of changes to the number of controls and listing in the groups
Number of controls has decreased from 114 to 93 as most of the controls have been merged or renamed
The controls have been restructured into four control groups or sections:
Organization controls
People controls
Physical controls
Technological controls
Addition of 11 new controls which consists of threat intelligence, information security for the use of cloud management, ICT readiness for business continuity, physical security monitoring, configuration management, information deletion, data masking, data leakage prevention, monitoring activities, web filtering and secure coding
Additional new content added to clauses 4.2, 6.2, 6.3, 8.1 and 9.3
Minor changes to some of the terminology and restructuring of the sentences and clauses