Frequently Asked Auestions

Below are some of the frequently asked questions regarding the transition from ISO 27001:2013 to ISO 27001:2022.

• Transition from ISO 27001 2013 to ISO 27001 2022 – Transition timeline

The new version of ISO/IEC 27001 was released on October 25 2022. The transition timeline is set to be 3 years. Current 2013-certificates therefore need to be transitioned to the new version before November 2025.

• What is the transition period for 27001?

The Transition Audit against ISO 27001:2022 should be no later than Jul 31, 2025, to ensure sufficient time to complete the transition process, including certificate issuance, before Oct 31, 2025. All certifications based on ISO/IEC 27001:2013 will expire or be withdrawn after Oct 31, 2025.

• What are the new changes in ISO 27001?

Main changes in the ISO 27001 2022 revision: The main part of ISO 27001, i.e., clauses 4 to 10, has changed only slightly. The changes in Annex A security controls are moderate. The number of controls has decreased from 114 to 93.

• Is there a new version of ISO 27001?

The new ISO/IEC 27001:2022 has been published on October 25, 2022. Some of the main new updates of ISO/IEC 27001:2022 include a major change of Annex A, minor updates of the clauses, and a change in the title of the standard.

• What is latest revision year ISO 27001?

The information security management standard ISO 27001 and its companion standard ISO 27002 were updated in 2022. This page explains the notable changes introduced by ISO 27001:2022 and ISO 27002:2022, and how these changes affect organizations that are certified or planning to certify to ISO 27001.