Transition Phase from ISO 27001:2013 to ISO 27001:2022

The transition period from ISO 27001:2013 to ISO/IEC 27001:2022 began on October 31, 2022, and will last until October 31, 2025. Companies certified to ISO 27001:2013 have 3 years from the start of the transition period to make the required changes and achieve certification to the updated ISO/IEC 27001:2022 standard.

During this transition period, organizations are expected to update their Information Security Management System (ISMS) to align with the requirements of ISO/IEC 27001:2022. They will need to undergo a transition audit with their certification body to demonstrate compliance with the new standard.

It's essential for organizations to plan and begin their transition process well in advance to ensure a smooth and successful transition to the updated standard. By the end of the transition period on October 31, 2025, certifications based on ISO 27001:2013 will expire or be withdrawn, and organizations must be certified to ISO/IEC 27001:2022 to maintain their certification status.

ISO/IEC 27001:2022 - White Paper

For organizations certified to ISO/IEC 27001:2013, the new edition of the standard has some key changes. Learn more about them and the transition timeline by downloading our new whitepaper.


Organizations should engage with their certification bodies and stay informed about the updates and requirements of ISO/IEC 27001:2022 during the transition period. Being proactive in the transition process will help ensure that information security management practices remain up-to-date and aligned with the latest industry best practices and cybersecurity standards.

Author
Mr. Utkarsh Gangakhedkar

Utkarsh Gangakhedkar is Product Manager for India Operations – Information Technology and a Lead Auditor for ISMS, QMS, EMS, OH&S, TFS and EFFCI. As an auditor, he brings a keen eye for detail and a commitment to maintaining the highest standards of quality in the industry.
