TÜV AUSTRIA HELLAS, consistent in the effort for the effective and continuous support of business needs of its clients and partners wish to inform you that after 9 years, ISO27001, the most recognized international standard for Information Security, has been updated. The new version of the ISO/IEC 27001:2022 standard was published by the International Organization for Standardization (ISO) on 25.10.2022. At the same time, since February 2022, ISO has also published the revised version of ISO27002, which is the companion standard of ISO27001 (Annex A). ISO/IEC 27002:2022 is the supporting standard that provides guidelines for the implementation of security controls (Annex A) of ISO27001. Following a decision by the International Accreditation Forum (IAF MD 26:2022) a three-year transition period has been set for the implementation of ISO/IEC 27001:2022. The following apply:

✓ Until 31.10.2023, organizations may carry out initial certification audit according to the previous version of the ISO/IEC 27001:2013, while from 01.11.2023 the initial certification audit shall be carried out exclusively according to the new version of the ISO/IEC 27001:2022. ✓ The transition period of ISO/IEC 27001:2022 expires on 31.10.2025. All certificates according to ISO/IEC 27001:2013 will be suspended or withdrawn at the end of the transition period. ✓ All certificates issued according to ISO/IEC 27001:2013 during the transition period must take account of the above deadline (whether or not the usual three-year period of validity of the certificate will be completed). Organizations that have in place ISO/IEC 27001:2013 certificate will have the ability to migrate to the new ISO/IEC 27001:2022 standard during their annual surveillance audits, with prior written notification of our Body.

Velocity Check will keep you informed about the changes resulting from the implementation of the new version of the standard as well as the training programs of ISO/IEC 27001:2022.