
ISO 27001:2022 Transition Guide

ISO 27001:2013 transition to ISO 27001:2022:

Information Security, Cyber Security and Privacy Protection

The International Organisation for Standardisation (ISO), jointly with the IEC, has issued the 3rd edition of the Information Security Management System standard, ISO/IEC 27001:2022. It was published on October 25th, 2022, and replaces ISO 27001:2013 through a managed transition.


The International Accreditation Forum (IAF) has set out the requirements for a 3-year Transition Period, ending on October 31st, 2025, for all organisations currently certified to ISO 27001:2013. As with previous ISO transitions, both the outgoing and the incoming standards are valid during that period, but certified organisations must complete their transition to the new standard before the Transition Period ends; ISO 27001:2013 certificates are no longer valid after that date.


What has changed in ISO 27001:2022?


Minor changes within the body of the ISO 27001 standard (clauses 4 to 10) have been made to better align it with the harmonised structure for management system standards (previously known as Annex SL).


Of note, changes have been made in the following requirements (6.3 is a new clause; the others are amended):


4.2 Understanding the needs and expectations of interested parties

4.4 Information security management system

6.2 Information security objectives and planning to achieve them

6.3 Planning of changes

9.1 Monitoring, measurement, analysis, and evaluation

9.3.2 Management review inputs


Annex A Regrouped


The Annex A controls have been regrouped from the 14 control domains of the 2013 edition (114 controls) into the following 4 broad themes (93 controls in total):


  1. Organisational (37 Controls)
  2. People (8 Controls)
  3. Physical (14 Controls)
  4. Technological (34 Controls)


Of the 93 controls, 11 are new, 24 are the result of merging 57 of the 2013 controls, and 58 carry over with updated wording. Not every control will apply to every organisation: each control is included or excluded on the basis of your risk assessment and risk treatment, and any exclusion must be justified. We can help and guide you to determine this and document it in the ISO 27001:2022 "Statement of Applicability".


New ISO 27001:2022 Controls Added


The 11 new controls added to ISO 27001:2022 are (Annex A control numbers in brackets):


  1. Threat intelligence (5.7)
  2. Information security for use of cloud services (5.23)
  3. ICT readiness for business continuity (5.30)
  4. Physical security monitoring (7.4)
  5. Configuration management (8.9)
  6. Information deletion (8.10)
  7. Data masking (8.11)
  8. Data leakage prevention (8.12)
  9. Monitoring activities (8.16)
  10. Web filtering (8.23)
  11. Secure coding (8.28)

Further Information

ISO 27001

ISO27001 Overview

ISO 27001 provides a framework for information security, cyber security and privacy protection that aims to protect your organisation's information from security threats. It enables you to identify your information and data assets, determine the threats to them, assess the vulnerabilities, and then select the controls within ISO 27001 that address them.


Navigating ISO certification can be a transformative journey for any organisation, whether you are new to the ISO standards or have been a certified company for some time. The path to ISO excellence is marked by various checkpoints, each offering unique benefits and opportunities for growth. In this context, we present a suite of services tailored to both new entrants and seasoned ISO-certified companies, designed to enhance and amplify the benefits of your ISO experience.

ISO Fixed Price Investment Quotation

At CCS, we offer a clear and structured 5-step approach to ISO implementation, utilising our ISO Management Platform (IMSMLoop) to ensure a smooth and efficient process for your organisation across a wide range of ISO standards. The investment quotation we supply for the development of the ISO management system is fixed: there are no additional or hidden charges, regardless of the duration of the project or the complexity of your business.
