What is ISO 27001:2022?
ISO 27001:2022 is the most up-to-date version of the information security standard. This latest release offers revised Annex A controls, subtle changes to clause language, twelve new controls, and refreshed existing controls.
How is ISO 27001:2022 different from the previous version?
This version classifies controls into four distinct categories:
People (8 controls)
Organizational (37 controls)
Technological (34 controls)
Physical (14 controls)
The new controls encompass:
Threat intelligence
Identity management
Cloud services information security
ICT business continuity readiness
Physical security monitoring
Configuration management
Information deletion
Data masking
Data leakage prevention
Monitoring activities
Web filtering
Secure coding
If my company is certified under ISO 27001:2013 or ISO 27001:2017, when will I have to comply with the newest version?
For organizations certified under ISO 27001:2013 or ISO 27001:2017 prior to November 1, 2022, a 36-month transition period begins on November 1, 2022. We will assist you in transitioning to the new version up to your next surveillance audit. Until then, auditors would expect to see the updated version.
The transition includes:
Adapting your current policies with some updates to ISO 27001:2022
Completing additional manual evidence tasks
Implementing new policies for ISO 27001:2022
We will add the new tasks under your project status report starting from 1.11.2023.
If you're just starting your ISO 27001 journey, we will start with the latest version of ISO 27001. No changes need to be adopted from your side.
As a Secfix customer, we have paid for a previous version of ISO 27001. Will we also need to purchase ISO 27001:2022?
As a valued Secfix customer, you do not need to purchase ISO 27001:2022 separately. We provide our existing clients free access to the 2022 version. You will find both versions of the standards on Secfix.
What will Secfix automate?
To streamline your compliance process, Secfix offers:
Templates for documents and policies
Automated tests
We are dedicated to your success and are here to support you through every step of your information security journey. If you have any more questions, feel free to contact your Customer Success Manager.