BM CertificationNews
Transition to ISO/IEC 27001:2022

Transition to ISO/IEC 27001:2022

On August 9, 2022, the International Accreditation Forum has published the document IAF MD 26:2022, which defines the requirements for the accreditation and certification bodies for transition to ISO/IEC 27001:2022.

Transition to ISO/IEC 27001:2022

Changes to ISO/IEC 27001:2022

According to the document, the significant changes to ISO/IEC 27001:2022 are:

  • Annex A references to the controls in ISO/IEC 27002:2022;
  • The notes of Clause 6.1.3 c) are revised editorially;
  • The wording of Clause 6.1.3 d) is re-organized to remove the potential ambiguity;

Compared to the previous version of the standard, the number of controls in ISO/IEC 27002:2022 has decreased from 114 controls divided into 14 sections to 93 controls in 4 sections. 24 controls have been merged and 58 controls have been updated.

Changes to certified companies

In order for companies to transfer to ISO/IEC 27001:2022 certification, the following steps must be taken (but not limited):

  • the gap analysis of ISO/IEC 27001:2022, as well as the need for changes to the client’s ISMS;
  • the updating of the statement of applicability (SoA);
  • if applicable, the updating of the risk treatment plan;
  • the implementation and effectiveness of the new or changed controls chosen by the clients;

All certified customers must transition to ISO/IEC 27001:2022 within 36 months of the standard’s publication date, tentatively October 2025.

 Requirements for certification bodies

Certification bodies must be accredited according to ISO/IEC 27001:2022 within 12 months from the publication of the standard, taking into account the capabilities of the accreditation bodies.

Customers’ transition to the new ISO/IEC 27001:2022 can be organized by:

  • In the regular audit
  • transition audit

As a minimum, the audit shall include an additional 0.5 auditor day.

For existing customers, BM Certification will prepare detailed information on the transition to the new ISO/IEC 27002:2022.

The document is available here:

Get quotation

Get quotation

Legal adress

Contact person

By what standard do you want to certify a company?

Quality, occupational health and environment
Information security and data security
Supply chain certification
Sustainable Development
Food safety certification
Construction product certification
Certification of wooden house construction sets
Timber Regulation
Forest management certification
Sustainable Development

Please describe what the company does and which processes and / or products / services you want to certify.

Additional comment

Thank you, your application has been received!

Do you want to close the form?
Data will not be saved or sent.

Send us a message

Send us a message

Thank you, your message has been received!

Māris Zamovskis
head of the management systems certification department at BM Certification