
ISO 27001:2022 Transition Guide

Transition from ISO 27001:2013 to ISO/IEC 27001:2022 (Information security, cybersecurity and privacy protection: Information security management systems, Requirements)

The International Organisation for Standardisation (ISO) has issued the third edition of the Information Security Management System standard, ISO/IEC 27001:2022. It was published on 25 October 2022 and replaces ISO 27001:2013 through a managed transition.


The International Accreditation Forum (IAF) has set a three-year transition period for all organisations currently certified to ISO 27001:2013. As with previous ISO transitions, both the outgoing and the incoming editions remain valid during that time, but certified organisations must complete their transition to the new edition before the period ends, which is 31 October 2025; ISO 27001:2013 certificates that have not been transitioned by then expire or are withdrawn. Because a transition audit has to be scheduled with your certification body, ideally alongside a planned surveillance or recertification visit, the gap analysis and Statement of Applicability rework should start well before that date.


What has changed in ISO 27001:2022?


Minor changes have been made within the body of the ISO 27001 standard (clauses 4 to 10) to better align it with the harmonised structure for ISO management system standards (formerly known as Annex SL), which is the same structure used by ISO 9001 and ISO 22301.


Of note, changes have been made in the following requirements:


4.2 Understanding the needs and expectations of interested parties (you must now state which of the interested parties' requirements will be addressed through the ISMS)

4.4 Information security management system (the ISMS must now include the processes needed and their interactions)

6.2 Information security objectives and planning to achieve them (objectives must be monitored and be available as documented information)

6.3 Planning of changes (a new clause: changes to the ISMS must be carried out in a planned manner)

8.1 Operational planning and control (criteria for processes must be established and the processes controlled against them, and externally provided processes, products or services relevant to the ISMS must be controlled)

9.1 Monitoring, measurement, analysis, and evaluation (restructured; the methods chosen must produce comparable and reproducible results)

9.3.2 Management review inputs (changes in the needs and expectations of interested parties are now an explicit input)


Annex A Regrouped


The Annex A controls have been regrouped from the 14 control clauses (A.5 to A.18) and 114 controls of the 2013 edition into 93 controls under the following 4 broad themes:


  1. Organisational (37 controls)
  2. People (8 controls)
  3. Physical (14 controls)
  4. Technological (34 controls)


Of the 93, 11 controls are new; the remainder are existing 2013 controls that have been carried over, renamed or merged, so no 2013 control has simply been dropped. Not every control will apply to every organisation: controls are selected from the risk treatment process (clause 6.1.3), and the reasons for including or excluding each one are recorded in the ISO 27001:2022 Statement of Applicability. In practice this means the existing Statement of Applicability has to be re-mapped control by control to the new numbering, with the 11 new controls assessed for the first time. We can help and guide you to determine and document this.


New Controls Added


The 11 new controls added to ISO 27001:2022, with their Annex A references, are:


  1. 5.7 Threat intelligence
  2. 5.23 Information security for use of cloud services
  3. 5.30 ICT readiness for business continuity
  4. 7.4 Physical security monitoring
  5. 8.9 Configuration management
  6. 8.10 Information deletion
  7. 8.11 Data masking
  8. 8.12 Data leakage prevention
  9. 8.16 Monitoring activities
  10. 8.23 Web filtering
  11. 8.28 Secure coding

Several of these (configuration management, information deletion, monitoring activities, web filtering, data leakage prevention) describe activities that many organisations already perform; the transition work is usually to identify the existing process, assign an owner and produce the evidence an auditor can check, rather than to build something new.

Further Information

ISO 27001 Information

ISO27001 Overview

ISO 27001:2022, developed by the International Organisation for Standardisation (ISO), is the leading international standard for Information Security Management Systems (ISMS). It provides a framework for organisations to establish, implement, maintain and continually improve their information security management system.



ISO 27001:2022 Transition

ISO27001:2022 Transition Guide

We maintain a clear transition approach that is easy for our clients to understand and apply. Our goal is to provide organisations with the guidance and tools to make the transition from ISO 27001:2013 to ISO 27001:2022 as simple and as smooth as possible. This guide covers the changes and how we can help you transition to the updated standard.



ISO 27001 Webinar

ISO 27001:2022 What's new and how do you Adopt or Transition Webinar

Learn about the changes, and how ISO 27001:2022 certification offers significant value to any organisation and can be implemented, or transitioned to, efficiently regardless of the size of the company or the market, product or service it provides.

