On October 2022 the new version of the ISO/IEC 27001 standard has been issued (version ISO/IEC 27001:2022) which replaces the current version (ISO/IEC 27001:2013).
Based on the requirements of IAF (International Accreditation Forum), those of our Accreditation Body (ESYD) and according to our procedures the following apply:
- Beginning on April 30, 2024 any Certification or Recertification audit will be conducted against the requirements of the new version of the standard.
- The validity of the certificates issued according to the previous version (ISO/IEC 27001:2013) expires on October 30, 2025*.
Note: Those who have a certificate issued by Q-CERT and have a validity (Certification Period Ending) beyond October 30, 2025 should be aware that their Certification Period Ending is October 29, 2025 and not the one documented on the certificate. Organizations that have such certificates will receive an updated certificate with the abovementioned expiration date.
Transition Procedure to the new version of the standard (ISO/IEC 27001:2022)
Based on the instructions issued by IAF and ESYD the following apply:
- A) Transition to the new version during a Recertification audit:
- In this case at least half a day of audit will be needed.
- B) Transition to the new version within the certification cycle:
- Conduct the transition during a routine surveillance audit. In this case additional audit time of at least one day depending on the complexity of the activities and the size of the company will be needed.
- Conduct the transition as a standalone (special) audit. Also, in this case at least one day of audit will be needed.
Should you have any questions regarding the migration process don’t hesitate to conduct us at email@example.com
For the transition process you can also be informed by ESYD’s web page in the following link:
or in IAF’s webpagehttps://iaf.nu/iaf_system/uploads/documents/IAF_MD26_Issue_2_15012023.pdf