What is ISO 27001? And Do I Need To Change My ISMS?

The latest published version of the standard at ISO is ISO 27001:2022. This introduced a number of changes.

In 2022 the international standard for information security management systems (ISMS) was updated and published, requiring any organisation certified to ISO 27001:2013 to migrate to ISO 27001:2022 by October 2025 in order to remain compliant.

However, shortly after, a 2023 version of the standard appeared. So what is ISO 27001:2023, and do you need to transition to this standard?

Is there a new edition of ISO 27001?

The latest published version of the standard at ISO is ISO 27001:2022. This introduced a number of changes, including 11 new controls and a reorganised Annex A based on ISO 27002:2022.


Why is there a 2023 edition of ISO 27001?

There are no material differences between the 2022 and 2023 editions of the standard, and many certification bodies are likely to reference the 2022 version as published by ISO. The 2023 version has appeared because the standard was adopted in Europe by CEN (the European Committee for Standardisation), causing BSI to change the name from BS ISO/IEC 27001:2022 to BS EN ISO/IEC 27001:2023.

If you have implemented ISO 27001:2022 there is no need to acquire a 2023 copy.
