
ISO 27001:2022 Transition Guide

Stay Ahead with ISO 27001:2022:

Your Guide to Seamless Transition and Implementation.

On Tuesday, 25 October 2022, ISO published ISO/IEC 27001:2022, the updated information security management standard, replacing ISO/IEC 27001:2013 through a managed transition. The International Accreditation Forum (IAF) has set a three-year transition period, ending 31 October 2025, for organisations certified to the 2013 edition. During this period both editions remain valid, but certified organisations must complete their transition before it ends; certificates to the 2013 edition cease to be valid after that date. Transitioning ensures alignment with the latest requirements set out by ISO and IAF.

What has changed in ISO 27001:2022?

Minor changes have been made within the body of the standard (clauses 4 to 10) to align it with the harmonised structure for management system standards (Annex SL). The following requirements have changed:


4.2 Understanding the needs and expectations of interested parties

4.4 Information security management system

6.2 Information security objectives and planning to achieve them

6.3 Planning of changes

9.1 Monitoring, measurement, analysis, and evaluation

9.3.2 Management review inputs


The Annex A controls have been regrouped from the 14 control domains of the 2013 edition (114 controls) into the following 4 themes (93 controls):


  1. Organisational (37 Controls)
  2. People (8 Controls)
  3. Physical (14 Controls)
  4. Technological (34 Controls)


The reduction from 114 to 93 controls comes from merging and renaming existing controls; 11 of the 93 are new. Not every control will apply to every organisation: which controls are necessary is determined by your risk assessment and risk treatment, and any Annex A control you exclude must be justified. We can help you determine this and document it in the ISO 27001:2022 “Statement of Applicability”.


The 11 new controls added to ISO 27001:2022 (with their Annex A references) are:


  1. 5.7 Threat intelligence
  2. 5.23 Information security for use of cloud services
  3. 5.30 ICT readiness for business continuity
  4. 7.4 Physical security monitoring
  5. 8.9 Configuration management
  6. 8.10 Information deletion
  7. 8.11 Data masking
  8. 8.12 Data leakage prevention
  9. 8.16 Monitoring activities
  10. 8.23 Web filtering
  11. 8.28 Secure coding

ISO 27001:2022 Transition Process

We maintain a clear transition approach that is easy for our clients to understand and apply. Our goal is to give organisations the guidance and tools to make the transition from ISO 27001:2013 to ISO 27001:2022 as smooth as possible.


The transition process for ISO 27001:2022 includes three primary deliverables:


  1. Initial Meeting: A meeting with our IRCA-qualified consultant to discuss the changes and how they will impact the organisation; what changes will need to be made to the management system documentation (MSD); and which of the new controls will apply, along with what the organisation needs to do to become compliant.
  2. Management System Documentation: Creation of new and/or amended MSD, including the Statement of Applicability (SoA), together with support for the work you need to undertake to review and agree that documentation.
  3. Presentation of Management System: Formal handover and presentation of the new ISO 27001:2022 management system.


Once our consultancy work is complete, we estimate you will need between 2 and 12 weeks to build the evidence that you are operating the management system before the certification audit takes place and the certificate is issued. We can assist with this through either an independent certification body (QAS International) or your chosen UKAS-accredited certification body.


Please note that all work carried out by our consultants will meet both independent and UKAS certification standards.


Maintaining the system will also require an annual surveillance audit by a Certification Body.


In order to discuss this further please book an ISO Benefits Review

Is ISO 27001 an investment, or a cost?

ISO 27001 should be seen as an investment, not a cost to your business. It is an investment in the following:


  • Your Company: Win more business, increase profits, control costs, protect your own information and data and that of your customers and other interested parties, and protect against potential fines, loss of reputation or other damage relating to governance and compliance.
  • Your Employees: Improve operational performance, protect and safeguard your people, give them a clear understanding of their role and responsibility for information and data security, and motivate them and enhance their performance.
  • Your Customers: Demonstrate reliability and a high quality of service, reduce security incidents and risks, improve services, meet and exceed service level agreements, and assure customers that they are working with a supplier focused on information and data security.
  • Your Future: Protect your own and your customers' information and data, ensure that your business can continue to operate, prove your credentials to a global market, and grow and develop in a controlled way.

ISO 27001:2022 Changes, Adoption & Transition Webinar

In this recording of our live webinar we discuss the changes to the standard, what they mean for you, and what you need to do to implement the new standard or transition to it.

Invest in Security, Elevate Your Future: ISO 27001:2022 for Sustainable Growth.

Request a copy of the new ISO 27001 Checklist and Questionnaire

To find out how these changes will affect you, and to request a copy of the ISO 27001:2022 overview, checklist and questionnaire, please contact us.

In the dynamic and competitive landscape of today's business world, organizations strive to achieve excellence in various facets of their operations. One crucial aspect is the implementation of internationally recognized standards that ensure the quality, safety, and efficiency of business processes. CCS stands as a strategic partner in supporting businesses on their journey towards excellence by providing consultancy and certification for a range of ISO standards. These standards cover diverse areas such as quality management, environmental sustainability, health and safety, energy management, information security, privacy, IT service management, business continuity, medical devices management, and food safety.
Incorporating these ISO standards into the organizational framework not only enhances operational efficiency but also positions businesses as responsible, forward-thinking entities. CCS stands ready to support organizations in their implementation journey, contributing to their success and sustainability in a global marketplace.