On August 9, 2022, the International Accreditation Forum published the document IAF MD 26:2022, which defines the requirements for accreditation and certification bodies for the transition to ISO/IEC 27001:2022. ICDQ Greece is completing the procedure for updating its accreditation from the 2013 version and is offering auditing and certification services according to the new ISO/IEC 27001:2022. All certified customers must transition to ISO/IEC 27001:2022 within 36 months of the standard’s publication date, tentatively October 2025.

Changes to ISO/IEC 27001:2022

According to the document, the significant changes to ISO/IEC 27001:2022 are:

Annex A references the controls in ISO/IEC 27002:2022;
The notes of Clause 6.1.3 c) are revised editorially;
The wording of Clause 6.1.3 d) is reorganized to remove potential ambiguity.

Compared to the previous version of the standard, the number of controls in ISO/IEC 27002:2022 has decreased from 114 controls divided into 14 sections to 93 controls in 4 sections. 24 controls have been merged and 58 controls have been updated.

Changes to certified companies

In order for companies to transition to ISO/IEC 27001:2022 certification, the following steps must be taken (the list is not exhaustive):

a gap analysis against ISO/IEC 27001:2022, as well as of the need for changes to the client’s ISMS;
the updating of the statement of applicability (SoA);
if applicable, the updating of the risk treatment plan;
the implementation and effectiveness of the new or changed controls chosen by the client.
