Description
Organizations that missed the October 31, 2025 transition deadline from ISO 27001:2013 to ISO 27001:2022 must now pursue entirely new ISO 27001:2022 certification (not a transition). This requires a full initial certification audit process. All new certifications issued in 2026 must be against the 2022 version.
Requirements
- Conduct gap analysis against ISO 27001:2022
- Update ISMS documentation for 2022 standard
- Implement new Annex A controls
- Complete Stage 1 and Stage 2 certification audits
- Address non-conformities from certification audit
Applicable To
- Organizations previously certified to ISO 27001:2013
- Organizations seeking new ISO 27001 certification
Penalty Information
Lapsed certification affects compliance posture, customer contracts, and regulatory requirements. No direct financial penalty but contractual and reputational impact.