Information Security Management System-ISO 27001

An Information Security Management System (ISMS) is a systematic approach to managing sensitive company information so that it remains secure. It encompasses people, processes and IT systems.

Certification of an organization’s ISMS ensures that the organization has a model for establishing, implementing, operating, reviewing, maintaining and improving the security of the information it holds, including customer information. The implemented ISMS ensures that overall business risks are handled by implementing security controls tailored to the needs of the organization, which increases the productivity of the people and enhances corporate image.

An Information Security Management System (ISMS) is a management system based on a systematic business risk approach, to establish, implement, operate, monitor, review, maintain, and improve information security.

ISO/IEC 27001 is the only auditable international standard which defines the requirements for an Information Security Management System (ISMS). The standard is designed to ensure the selection of adequate and proportionate security controls.

Knowing the most important assets of your company is a must. You must be able to evaluate the assets you need to protect and identify those that must be considered critical. Many companies have taken the risk of not protecting their valuable information and have paid for it. Having your data and information protected is vital for your company, and this is where an ISO 27001 certification comes in.


ISO 27001: 2022 – Transition Approach

This information addresses the changes and updates to the ISO 27001 standard published on October 25, 2022, and the approaches organizations can take to implement the changes introduced. There have been significant advancements in technology, as well as an increase in the complexity of security threats, since the previous iteration of ISO 27001 was published on September 25, 2013. The changes introduced in ISO 27001 and the Annex A controls aim to provide guidance on improving the governance around the implemented security controls and on addressing risks introduced by emerging security threats.

As organizations begin the transition process to ISO 27001:2022, they should factor in changes that may be needed across their security processes and updates to their policies, procedures and standards. Transition to the new version should be completed by October 31, 2025, and will require planning, education, staff and budget to accomplish.

Transition Timeline Information:

  • 25th October 2022 - ISO/IEC 27001:2022 3rd edition - Release date
  • 31st October 2022 - Transition period begins

  • 1st May 2024 - All initial (new) certifications should be to the ISO 27001:2022 edition after this date, and all recertification audits are recommended to utilise the ISO 27001:2022 edition after this date. GCS will continue to accept applications for certification and issue new certificates against the ISO 27001:2013 standard until this date.

  • 31st July 2025 - All transition audits should be conducted by this date.

  • 31st October 2025 - Transition period ends. Certificates for ISO/IEC 27001:2013 will no longer be valid after this date.


GCSLLC - ISO 27001 Transition Plan_Ver 1.2 download.

  • What is an information security management system?

    An Information Security Management System (ISMS) is a systematic approach to managing sensitive company information so that it remains secure. It encompasses people, processes and IT systems. An ISMS is a management system based on a systematic business risk approach, used to establish, implement, operate, monitor, review, maintain, and improve the information security of a company.

  • Benefits of an Information Security Management System

    Certification of an organization’s ISMS ensures that the organization has a model for establishing, implementing, operating, reviewing, maintaining and improving the security of the information it holds, including customer information. The implemented ISMS ensures that overall business risks are handled by implementing security controls tailored to the needs of the organization, which increases the productivity of the people and enhances corporate image.

  • Why ISO 27001 Certification?

    ISO 27001 certification looks intently at the totality of an organization's information assets and then steps through a process which gauges the risks related to these assets. Participants in the process look at the likelihood of an attack or failure, the impact that such an attack or failure would have on the organization, and the effectiveness of the controls intended to protect the assets. This increases the reliability and security of the systems.

  • Advantages


    - Increase in business as customers and suppliers recognize a credible, trusted partner
    - Independently demonstrates that applicable laws and regulations are observed
    - Business differentiator providing competitive advantage over similar organizations
    - Compliance with legislation
    - Improved management control

  • More Specific Benefits


    - Proves senior management’s commitment to the security of its information
    - Improved risk management
    - Contingency planning
    - A positive response from potential customers
    - Ensures management commitment
    - Can be integrated with other management systems
    - Reduces the risk of information breaches and hence their cost
    - Cost-effective and consistent information security

  • Certification Procedure


    The certification procedure is a multi-step process. The certification cycle is described briefly below:
    - Application for certification from the client
    - Offer from Global CERT
    - Offer acceptance from the client and order confirmation by Global CERT
    - Pre-audit (optional)
    - Certification audit (Stage 1 + Stage 2)
    - Issue of certificate on successful completion of the certification audit
    - Surveillance audits at defined periods
    - Recertification audit after 3 years

Copyright © 2016 Global CERT, All Rights Reserved.