ISO 27001:2013 Expired - Transitioning to ISO 27001:2022

Written by Jack White | Oct 28, 2025 8:00:00 AM

Has ISO 27001:2013 Expired?

The clock has officially run out for ISO 27001:2013. On 31 October 2025, all certifications to the 2013 version expire, and only ISO 27001:2022 will remain valid. Certification bodies have already stopped issuing new certificates to the 2013 standard, and organisations still mid-transition may have seen their renewal dates shortened to align with the cut-off.

For anyone responsible for information security management, that makes ISO 27001:2022 the only recognised version going forward. The new standard refines how organisations manage cyber risk, align controls, and evidence compliance — reflecting today’s more complex threat landscape.

At Periculo, we understand the challenges that come with updating an Information Security Management System (ISMS). That’s why we’ve developed a comprehensive service to help organisations — including our own — make a smooth and successful transition to ISO 27001:2022.

Our consultants follow the BSI Training Academy’s transition guidance, ensuring every project meets the highest possible standards.

ISO 27001:2022 Changes

ISO 27001:2022 introduces several changes to the standard, including new requirements for risk assessment, business continuity, and the management of third-party suppliers. Our team has a thorough understanding of these changes and can guide organisations through the transition process.

The transition project itself is a strong piece of evidence for one requirement in the standard, clause 6.3 (Planning of Changes). It’s vital to gather as much evidence as possible from the project to present to your auditor.

Another key change is the update to Annex A controls. These have been reduced in number (through consolidation and removal) and are now grouped into four categories:

  • Organisational
  • People
  • Physical
  • Technological

It’s also worth noting that the ISO 27002 document now plays a more active role in determining and implementing the Annex A controls identified after completing your Statement of Applicability.

Support for Your Transition

At Periculo, our approach focuses on clarity and compliance, helping you understand what’s changed, update your ISMS effectively, and approach certification with total confidence.

1. Gap Analysis

We begin with a detailed review of your existing ISMS to pinpoint where your current controls fall short of the ISO 27001:2022 requirements. You’ll receive a clear action plan highlighting what needs to change and how to prioritise it.

2. Training and Awareness

Our tailored training sessions ensure your teams understand what’s changed in the 2022 update and how those changes impact daily operations, risk management, and audit preparation.

3. Documentation Review

We help you update or create the necessary documentation, from policies and procedures to risk assessments, so your ISMS accurately reflects both your operations and the new standard.

4. Implementation Support

Our consultants provide hands-on guidance throughout the process, helping you implement new controls, close identified gaps, and build confidence before your certification audit.

5. Certification Readiness

Before your Stage 2 audit, we’ll run internal audit activities and mock assessments to ensure every element of your ISMS stands up to scrutiny, so there are no surprises on audit day.

Moving Forward with Confidence

Transitioning to ISO 27001:2022 isn’t just about maintaining compliance; it’s about strengthening your organisation’s ability to manage risk, safeguard data, and demonstrate trust to customers and partners.

At Periculo, we make that transition seamless. Our consultants have extensive experience supporting organisations through ISO 27001:2022 implementation and certification, delivering practical, compliant, and efficient solutions that stand up to audit-level scrutiny.

If your organisation still operates under ISO 27001:2013, now’s the time to act.

Contact us today to arrange a gap analysis or to discuss how we can support your move to ISO 27001:2022.