ISO 27001 FAQ Guide
Get clear answers and expert guidance to smoothly transition and succeed with ISO/IEC 27001:2022 - your trusted resource for all certification questions.
What is ISO 27001:2022?
For any organization – regardless of size or sector – ISO/IEC 27001 provides a strong foundation for a comprehensive information and cyber security strategy. The standard outlines a best practice ISMS framework to mitigate risks and safeguard business-critical data through identification, analysis and actionable controls. On 25 October 2022, the new version of ISO 27001 was published – marking a new era of information security best practice.
What is ISO 27002:2022 and when was it published?
ISO/IEC 27002 provides the best practice controls that organizations can implement to improve security and was designed to be used as a reference for selecting and implementing controls for risk treatment in an Information Security Management System (ISMS) based on ISO 27001. In February 2022, ISO 27002 was updated.
When does the ISO 27001:2022 transition period end?
Organisations with existing ISO 27001:2013 certification will have until October 2025 to transition to the new standard. After 30 October 2025, certificates to ISO 27001:2013 will expire or be withdrawn.
How and when should I book my transition audit?
Transition audits can now be scheduled. If your renewal audit to ISO 27001:2013 is due after 30 April 2024, you will be required to book your initial audit against the revised standard, ISO/IEC 27001:2022. At LRQA, we are here to support you through the transition process and help you understand how the new version of the standard may affect your organisation. If you have any questions, please speak to your auditor or client support team.
What are the major changes in ISO 27001:2022?
The major changes in ISO 27001:2022 that organizations need to be aware of are the updates to Annex A controls in alignment with ISO 27002:2022.
Key Changes to Annex A Controls:
- The major changes include the restructuring of the original 14 control domains into four categories.
- The total number of controls is reduced from 114 to 93 - due mainly to the merging of 57 controls into 24 controls.
- 58 controls remain mostly unchanged, with minor contextual updates.
- 11 controls are brand new to ISO 27001:2022.
How can I prepare for a successful ISO 27001:2022 transition?
- Training: Learning about the revisions to ISO 27001 can be seamless and managed at your convenience through our virtual or in-person training courses.
  Know More - ISO 27001 Training Courses by LRQA
- Gap Analysis: Given the revisions to the ISO 27001 standard, we encourage clients to undergo a gap analysis audit to assess their existing information security management system against the requirements of the new standard.
- Transition Audit: To book your transition audit, contact your auditor or client support team.
Partner with LRQA for ISO 27001 Certification
Choosing LRQA as your ISO/IEC 27001 certification partner ensures that your information security strategy is supported by some of the industry’s most experienced professionals. With a global presence in more than 55 countries and a team of over 250 cybersecurity specialists and 300 qualified information security auditors, LRQA delivers local expertise powered by world-class knowledge. We provide end-to-end support, from tailored training and gap analysis to accredited certification and integrated audits, all designed to fit your business needs and operational context. Our flexible service delivery, whether on-site or remote, ensures you benefit from rapid, high-quality support and access to global best practices. With a legacy of leadership in certification and risk management, LRQA empowers organizations to protect critical information, instill trust with stakeholders, and remain resilient against evolving cyber threats.
Partner with LRQA to confidently build your future on a foundation of uncompromising security and compliance.
If you would like to read the full document or reference it offline, download the ISO 27001 FAQ PDF.