ISO 27001:2022 Transition

Our goal is to give you confidence and a guarantee that your organisation is ready for ISO 27001:2022

ISO 27001 is the international standard for information security management systems and a vital level of assurance in today's world for cyber security and information governance.

All ISO 27001 certifications must transition by 31st October 2025 or your certification will no longer be valid beyond this date.

Even under ISO 27001:2013, businesses are required to develop a plan to achieve the 2022 version transition. Be aware: if this is not in place, there is an urgent need to prepare, as organisations can fail their transition audits and certification bodies are filling up their booking calendars fast.

​

A couple of key dates for you to be aware of:

  • 31st July 2025 - All transition audits should have been completed

  • 31st October 2025 - ISO/IEC 27001:2013 no longer valid after this

Careful planning can save your business costly recertification fees, and the cost of support in this area is expected to rise as the need for more support through this transition grows. We advise booking now to guarantee vital assistance with your planning and implementation, as resources will be very limited in the run-up to the above deadlines.


What has changed?

Clauses

Context and Scope: The scope clause now applies to "relevant" requirements of interested parties and processes. This means that organisations need to consider the needs of all of their stakeholders, not just their customers and suppliers.

Planning: The planning clause now requires organisations to define their information security objectives and to monitor and review those objectives on a regular basis. This is a change from the previous version, which only required organisations to define their information security policies.

Support: The support clause now requires organisations to define how they will communicate information security risks and issues to their staff. This is a new requirement in the new standard.

Operation: The operation clause now requires organisations to control "externally provided processes, products, or services" that are relevant to their ISMS. This is a change from the previous version, which only required organisations to control their own processes and systems.

What has changed?

Controls

Restructured: Annex A controls have been rationalised from 14 control objectives to 4 broad control themes: Organisational, People, Physical and Technological

Consolidated: Annex A has been reduced from 114 to 93 controls

Additions: 11 new controls have been added including:

  • Threat Intelligence

  • Information Security for use of Cloud Services

  • Physical Security Monitoring

  • ICT Readiness for Business Continuity

  • Configuration Management

  • Information Deletion

  • Data Masking

  • Data Leakage Prevention

  • Monitoring Activities

  • Web Filtering

  • Secure Coding

CentriVault have already mapped successfully across the 2013 and 2022 controls and can assist in the preparation of potentially 20+ new ISMS documents, policies and procedures needed to upgrade your management system.

Your CV Roadmap to Transition

Raise awareness and provide the necessary information to your staff on the updated requirements

Perform a change analysis and gap assessment to identify where your processes need adjustments

Review documentation and update to reflect the required changes and additions to the 2022 version

Perform internal audits and management reviews as needed to meet the requirements

Perform a transition gap assessment to identify remaining gaps and address them before the formal audit

Support the formal transition audit with a final review ensuring you are guaranteed to be ready

Support continuous improvement with independent assessment of your ISMS and its effectiveness

Why trust CentriVault

Let us help Secure your Future

Our Efficiency
Get audit ready in as little as 3 months

Pass Rates
Running at a 100% first-try pass rate on ISO 27001:2022

Great Value
We deliver results at a cost better than most external consultants

Time Saving
We can save up to 100 hours of your manual work in getting certified

Complete Trust
100% positive customer feedback from clients trusting us with our 27001 services

Customer First
We guarantee transition-ready delivery in our approach

Take the First Step

The next step is to add your contact details below so our engagement team can help deliver on your ISO 27001:2022 transition requirements
