
Countdown to ISO 27001:2022 Transition Completion – Only One Year to Go!

01 November 2024
7-minute read

With one year remaining until the ISO 27001:2013 standard expires, organisations certified to the current version must complete their transition to ISO 27001:2022 by October 31, 2025.

This deadline marks the end of the three-year transition period, and it’s crucial that businesses start their preparations now to ensure a smooth and timely transition process.

Why Transitioning Now Matters

While October 31, 2025, may sound distant, organisations should not wait until the last minute to schedule audits. Transitioning early will save your team from a last-minute scramble and reduce the risk of compliance gaps that could jeopardise your certification status.

About ISO 27001:2022

ISO 27001:2022 brings significant updates to information security management, aimed at aligning with the evolving digital landscape and strengthening defenses against cybersecurity threats. These updates reflect a more streamlined and risk-focused approach, including substantial changes to the Annex A control structure.

The 14 control domains from ISO 27001:2013 have been reorganised into four key categories: organisational, people, physical, and technological controls. Eleven new controls have been added, covering critical areas like threat intelligence, secure coding, and cloud security, to reflect today’s heightened security demands.

For organisations preparing to transition, these structural changes will require a careful review and adjustment of their ISMS. 

Key Steps for a Successful Transition

To support clients throughout this transition, we advise the following:

  1. Conduct a Formal Gap Analysis: This analysis is essential for identifying any areas of non-compliance with ISO 27001:2022 and should be thoroughly reviewed during management meetings. NQA provides a Gap Analysis Tool to help teams assess their systems against the new standard and guide them through any necessary updates.

  2. Schedule Early: To avoid a last-minute rush, we suggest booking transition audits before July 2025. This provides enough time to address any corrective actions arising from the audit, minimising the risk of non-compliance and ensuring a smoother certification process.

  3. Review and Update Documentation: Ensure that all documentation reflects the changes in the 2022 standard. From planning to management review and risk assessment, each document and policy should align with the new control themes.

  4. Complete Internal Audits and Management Reviews: Organisations must complete an internal audit and review the new and updated requirements to ensure readiness for the transition audit. This step is crucial for confirming compliance and demonstrating to auditors that the organisation has effectively integrated the updated standard.

How NQA Can Help

As part of our commitment to supporting your successful transition, we offer resources and tools designed specifically for ISO 27001:2022. These include:

  • Pre-Assessment and Gap Analysis: Our team can conduct pre-assessments or gap analyses of your ISMS to evaluate compliance with ISO 27001:2022. This allows for early detection of any gaps that need addressing before the transition audit.

  • Educational Webinars and Blogs: We continue to offer webinars and blogs, covering everything from understanding the updates to common FAQs. 

  • Training Courses: NQA provides ISO 27001 transition courses to ensure your team has the knowledge and tools necessary for a seamless transition.

The Time to Act Is Now

Remember, after October 31, 2025, certificates based on ISO 27001:2013 will no longer be valid, and only ISO 27001:2022-compliant certifications will be recognised. 

Transitioning well before the deadline minimises potential disruptions and helps safeguard your organisation’s compliance status.

To kick-start your transition, download our Gap Guide and Gap Analysis Tool. For additional support, our certification experts are available to answer any questions and offer further guidance.

Stay proactive—secure your ISO 27001:2022 certification today, and continue protecting your information assets with confidence.

If you have any questions or need to speak to someone regarding your transition, please contact us.