ISO 27001:2022 and ISMS Compliance

Developing and maintaining a management system, either on its own (ISMS) or as an integrated management system (combination of two or more systems: e.g., ISMS/PIMS/BCMS), helps to reduce digital risks, by structuring the organisation’s information security management with a systemic approach. If you are planning to align with NIS, DORA, SOC 2 Type 2, Irish public Sector Cyber Security Baseline Standards etc, having an ISMS can be a good starting point as it has complementary controls.

ISO Implementation process

Deloitte's multidisciplinary team has experience in designing, implementing, running, continuously improving, and auditing management systems. Deloitte have assisted, and continue to assist, multiple organisations in all sectors in every stage of their ISMS journey.

Transition timelines

The new version of ISO/IEC 27001 was released on October 25, 2022. The transition timeline is set to be three years. Current 2013-certificates therefore need to be transitioned to the new version by October 2025.
The transition audit can be carried out during any scheduled audit during the three-year transition period but can also be performed as a special transition audit.

ISO 27001:2022 Transition Steps

• Understand the new changes.
• Check the impact on your organisation: Conduct gap assessment of the new ISO standard: Update your ISMS in line with your organisation goals and objectives.
• Implement the Controls: Review and implement the controls identified, update the necessary documents, and align with the new certification.
• Conduct internal audits: To verify the implementation and operation of the new controls and alignment with your ISMS: Update the necessary ISMS documents.
• Prepare for external audit: Engage your external auditors to audit your new ISMS scope and implementation changes.
• Certification: obtain the new certification and continually improve your information security management system.