The ISO/IEC 27001:2022 standard was published on October 25, 2022.
Certification Bodies must have completed their clients’ transition to ISO/IEC 27001:2022 within 36 months of the standard’s publication. Certified organizations are required to complete their transition by the end of October 2025.
In this context, 12 months after the publication of the ISO/IEC 27001:2022 Standard, that is, starting from November 1, 2023, Certification Bodies will not conduct initial certification audits or re-certification audits according to ISO/IEC 27001:2013/ISO/IEC 27001:2017.
Studies for the ISO/IEC 27001:2022 transition of certified bodies should include, but are not limited to:
• GAP analysis of ISO/IEC 27001:2022 and the need for changes in existing ISMS;
• Updating the Statement of Applicability (SoA);
• Updating the risk recovery plan, if any;
• Implementation and effectiveness of new or modified controls selected by customers.
For transition application firstname.lastname@example.org