On October 25, 2022, the update of ISO 27001 to its 2022 version was published.
The increasing digitalization of companies in different sectors, in which this standard has been taken as the backbone for IT governance, has led to this update. The most relevant reasons are:
New security risks have made improvements to the standard necessary, both in the categorization and in the management of security controls. Since 2013, there have been changes in the documentation for the protection of personal data. ISO 27002 has been upgraded to its 2022 version, and ISO 27001 uses its controls for Annex A.
From the time of publication of ISO 27001:2022, a 3-year (36-month) transition plan will begin, in which organizations will have to adapt their systems to the updates introduced.
ISO 27001:2017 will remain in force until 10/25/2025. In other words, for organizations that are in the process of implementing their systems and are certified based on ISO 27001:2017, the maximum validity of these certificates will be until 10/25/2025.
Discover in this guide prepared by OCA Global the main updates in ISO 27001:2022: transition deadlines for its adaptation, improvements and new features.