ISO 27001:2022 Transition
Our goal is to give you confidence and a guarantee that your organisation is ready for ISO 27001:2022
ISO 27001 is the international standard for information security management systems and a vital level of assurance in today's world for cyber security and information governance.

All ISO 27001 certifications must transition by 31st October 2025, or they will no longer be valid beyond this date.
Even under ISO 27001:2013, businesses are required to develop a plan to achieve the 2022 version transition. Be aware that if this plan is not in place, there is an urgent need to prepare: organisations can fail their transition audits, and certification bodies are filling up their booking calendars fast.

A couple of key dates for you to be aware of:

- 31st July 2025 - All transition audits should have been completed
- 31st October 2025 - ISO/IEC 27001:2013 no longer valid after this

Careful planning can save your business costly recertification fees, and the cost of support in this area is expected to rise as the need for more support through this transition grows. We advise booking now to guarantee vital assistance with your planning and implementation, as resources will be very limited in the run-up to the above deadlines.
What has changed?
Clauses
Context and Scope: The scope clause now applies to "relevant" requirements of interested parties and processes. This means that organisations need to consider the needs of all of their stakeholders, not just their customers and suppliers.

Planning: The planning clause now requires organisations to define their information security objectives and to monitor and review those objectives on a regular basis. This is a change from the previous version, which only required organisations to define their information security policies.

Support: The support clause now requires organisations to define how they will communicate information security risks and issues to their staff. This is a new requirement in the new standard.

Operation: The operation clause now requires organisations to control "externally provided processes, products, or services" that are relevant to their ISMS. This is a change from the previous version, which only required organisations to control their own processes and systems.
What has changed?
Controls
Restructured: Annex A controls have been rationalised from 14 control objectives to 4 broad control themes: Organisational, People, Physical and Technological.

Consolidated: Annex A has been reduced from 114 to 93 controls.

Additions: 11 new controls have been added including:
- Threat Intelligence
- Information Security for use of Cloud Services
- Physical Security Monitoring
- ICT Readiness for Business Continuity
- Configuration Management
- Information Deletion
- Data Masking
- Data Leakage Prevention
- Monitoring Activities
- Web Filtering
- Secure Coding

CentriVault have already mapped successfully across the 2013 and 2022 controls and can assist in the preparation of potentially 20+ new ISMS documents, policies and procedures needed to upgrade your management system.
Why trust CentriVault
Let us help Secure your Future
Our Efficiency
Get audit ready in as little as 3 months
Pass Rates
Running at a 100% first-try pass rate on ISO 27001:2022
Great Value
We deliver results at a cost better than most external consultants
Time Saving
We can save up to 100 hours of your manual work in getting certified
Complete Trust
100% positive customer feedback on trusting us with our 27001 services
Customer First
Our approach guarantees transition-ready delivery
Take the First Step
The next step is to add your contact details below so our engagement team can help deliver on your ISO 27001:2022 transition requirements