What is ISO 27001:2023 and Do I need to Change my ISMS?

In 2022 the international standard for information security management system (ISMS) was updated and published, requiring any organisation certified to ISO 27001:2013 to migrate to ISO 27001:2022 by October 2025 in order to remain compliant.

However shortly after, a 2023 version of the standard appeared. So what is ISO 27001:2023 and do you need to transition to this standard?

Is there a new edition of ISO 27001?

The latest published version of the standard at ISO is ISO 27001:2022.  This introduced a number of changes including 11 new controls, and a reorganised Annex A based on ISO 27002:2022.

Read more: What Has Changed in ISO 27002:2022? – Assent Risk Management

Why is there a 2023 edition of ISO 27001?

There are no material differences between the 2022 and 2023 editions of the standard, and many certification bodies are likely to reference the 2022 version as was published by ISO.The 2023 version has appeared because the standard was adopted in Europe by CEN (the European Committee for Standardisation), causing BSI to change the name from: BS ISO/IEC 27001:2022 to BS EN ISO/IEC 27001:2023

If you have implemented ISO 27001:2022 there is no need to acquire a 2023 copy.

Start Implementing ISO 27001 or Make the Transition

Assent’s ISO 27001 consultants can help implement the requirements of the standard, conduct internal audits and maintain certification.  Speak to an expert.

Robert Clements
Robert Clements
Articles: 290