TQCSI (USA) LLC

ISO 27001:2022 - Information Security Management Systems Requirements

ISO 27001 - Information security, cybersecurity and privacy

Benefits of ISO 27001 Certification

Businesses of all sizes have experienced the benefits of becoming ISO 27001 certified: 

  • Demonstrated due diligence by meeting regulatory and customer requirements
  • Meeting international best practice for security
  • Meeting tender requirements and standing out from the competition
  • Improved reputation and enhanced company profile
  • Demonstrated integrity of data to customers, suppliers and other stakeholders
  • Reduced risk of fraud, information loss and disclosure
  • Increased resilience to cyber attacks
  • Prompt detection of data leakage and rapid reaction to breaches
  • Reduced costs associated with information security
  • All forms of information secured, ensuring confidentiality, integrity and availability of data
  • Ensured workplace confidentiality and improved company culture
  • Easily integrated with other management systems

Transition from ISO 27001:2013 to ISO 27001:2022

ISO/IEC 27001:2022 was published in October 2022.  It is not a fully revised edition; the main changes are:  

  • Annex A references the controls in ISO 27002:2022, including the control title and control for each
  • The notes of Clause 6.1.3.c are revised editorially, including deleting the control objectives and using “information security control” to replace “control”
  • The wording of Clause 6.1.3.d is re-organized to remove potential ambiguity

The number of controls in ISO 27002:2022 decreased from 114 controls in 14 clauses to 93 controls in 4 clauses. Of those, 11 controls are new, 24 are merged from existing controls, and 58 are updated. The control structure is also revised: each control now has an “attribute” and a “purpose”, and “objective” is no longer used for a group of controls.

Clients may apply to be audited and certified to the old Standard (ISO 27001:2013) until 30 April 2023, after which only applications against the new Standard (ISO 27001:2022) will be accepted. Clients may request to be audited and certified to the new Standard (ISO 27001:2022) from 1 November 2022.   

All clients must be audited and certified to ISO 27001:2022 no later than three years following its publication (30 October 2022). No certification to ISO 27001:2013 is permitted after 30 October 2025. 

Certification Mark for Information Security Management Systems:

Once obtained, this certification mark can be used on all marketing material to promote your ISO 27001 Information Security Management System certification.  


+1 (800) 852-9275 | info@tqcsi-usa.com

Copyright © 2025 TQCSI (USA) LLC - All Rights Reserved.
