
News about CERTivation & Certifications

Transition Plan - Customer Information on the Conversion to ISO/IEC 27001:2022


Tuesday, June 6, 2023

The New ISO/IEC 27001

On October 25, 2022, a new version of ISO/IEC 27001 was published. This version has undergone significant revisions, particularly in the normative Annex A, and now references ISO/IEC 27002:2022.

The original 114 controls, previously organized into 14 topic areas (A.5 – A.18), have been restructured into four areas. These controls have been reorganized, partially revised, combined, and supplemented by 11 new controls.

The new areas are:

  • Organizational controls: Chapter 5, with 37 controls
  • People controls: Chapter 6, with 8 controls
  • Physical controls: Chapter 7, with 14 controls
  • Technological controls: Chapter 8, with 34 controls

Transitioning Your ISMS

You have until October 31, 2025, to transition your Information Security Management System (ISMS) to the new ISO/IEC 27001 version. After this date, certificates based on the old standard will no longer be valid.

To ensure a smooth transition, it’s recommended to begin addressing the updated ISMS requirements as early as possible. The transition process involves planning and controlling the conversion while allocating the necessary resources.

Key Steps for Transition:

  1. Understand the Changes: Familiarize yourself with the updates in ISO/IEC 27001:2022 and ISO/IEC 27002:2022. These standards can be purchased through the usual channels.
  2. Train Your Team: Ensure relevant personnel in your organization are trained on the changes and understand their implications.
  3. Compare and Update:
    • Compare the Annex A controls you currently apply to address information security risks with the revised controls.
    • Use Annex B of ISO/IEC 27002:2022 to map the previous controls to the new ones.
    • Implement the required new or revised measures and update your Statement of Applicability.
  4. Conduct a Gap Analysis: Perform a gap analysis to identify discrepancies between your existing ISMS and the requirements of the new standard.

Certification Transition Timeline

The following timeline outlines key dates and requirements for certification under the new standard:

  • May 1, 2023: Earliest possible date for certification under ISO/IEC 27001:2022 (requires accreditation amendment by DAkkS).
  • April 30, 2024: Initial and re-certifications under DIN EN ISO/IEC 27001:2017 are only possible until this date.
  • October 31, 2025:
    • Certificates under DIN EN ISO/IEC 27001:2017 will expire.
    • All certificates must be transitioned to the new standard by this date to remain valid.
