Transition to ISO/IEC 27001:2022, the new version 

ISO/IEC 27002:2022 was released in February 2022 and signalled a version change to ISO/IEC 27001 as well.  

Certification Bodies then began intensive and meticulous preparation for the version transition.

In this article, we detail the updates to ISO/IEC 27001. Migration requirements are outlined to some extent, and we explain the key takeaways so you better understand what to expect as the implementation progresses.

What Stage Is ISO/IEC 27001:2022 Currently? 

ISO/IEC 27001:2022 is currently in the Final Draft International Standard (FDIS) stage; this means that the final text of the proposed updates has gone through its final review and vote.

The FDIS phase for ISO/IEC 27001:2022, or ISO/IEC FDIS ISO 27001, started on July 28, 2022. An announcement is expected in the first weeks of October, once the final vote is complete, stating whether the publication has been approved or needs to be reviewed. We expect ISO/IEC 27001:2022 to be published in Q4 2022 with high probability.

Insider information on discussions within the standard-setting committee indicates that the changes in the latest draft of the new standard will be minimal.


It will take approximately six months for accreditation bodies to establish an ISO/IEC 27001:2022 certification scheme and for accredited certification bodies to train auditors on the revised scheme. There will then be a transition period of typically 18 months. 

If the new standard is published in October 2022, compliance will not be enforced until October 2024. Of course, the transition period can be even longer if revisions to the Standard are unexpectedly more complex.

The best time to start an ISO 27001 project is now: cybercriminals don't wait, and your customers are increasingly uninterested in dealing with suppliers whose information security frameworks are inadequate to meet today's cyber challenges.

The changes made to ISO/IEC 27001 and ISO/IEC 27002 in 2022 are very valuable for addressing Information Security Management Systems across a wide scope and for closing the gaps opened by rapidly developing technology.

As CFECERT, we will inform you about the items of the standard that have changed during the transition training to the 2022 version.

If you want to get information about our trainings, you can contact us at training@cfecert.co.uk. 

If you have questions about Version Migration Check, you can contact us by sending an email to certification@cfecert.co.uk. 
