Dear stakeholders, as it is known, the ISO / IEC 27001 standard was revised in October 2022.

ISO 27001:2022 transition can be approved in surveillance audit or recertification audit.

1) Minimum 0.5 audit days for transition audit when performed in conjunction with a recertification audit.

2) When it is carried out in conjunction with the surveillance audit or as a separate audit, thetransition to ISO 27001:2022 can be achieved by adding a minimum of 1.0 audit days for thetransition audit.

Efforts to transition to the new version should include, but are not limited to, at least the following:
– Gap analysis for ISO/IEC 27001:2022 and the need for changes in your ISMS;
– updating the Statement of Applicability (SoA);
– Updating the risk improvement plan, if any;
– Implementation and effectiveness of new or changed controls selected by you.

All certifications based on ISO/IEC 27001:2013 will expire or be withdrawn at the end of the transition period (31 October 2025).

NoActivity to be DoneDeadline
1.Completion of receipt of initial certification applications for ISO/IEC 27001:2013 by IFC GLOBAL31 October 2023
2.Receipt of initial certification applications for ISO/IEC 27001:2022 by IFC GLOBALAfter approval by TURKAK/IAS
3.IFC GLOBAL conducts initial certification audits for ISO/IEC 27001:2022After approval by TURKAK/IAS
4.Completion of migration of certified customers to ISO/IEC 27001:2022October 31, 2025


About Author