An update on the upcoming changes to ISO 27001


Businesses are now relying on technology more than ever. That increased usage of technology presents an increased risk of cyber-security threats – from malware to phishing. To tackle this increased risk posed by the ongoing technological revolution businesses today are experiencing, experts have anticipated a new version of ISO 27001 to be released this year.

There has been an update to how ISO 27001 Accreditation is granted. However, against expectation, we understand that the International Organization for Standardization (ISO) is not going to release an all-new ISO 27001:2022. Instead, it is predicted that we are going to see an amendment to the existing ISO 27001:2013, which will be known as ISO/IEC 27001:2013+A1:2022.

Annex A will also be replaced with a normative version of the 93 new controls from ISO 27002:2022.

One of the key updates to the management system can be found in clause 6.1.3c, where it tones down the term ‘comprehensive list of controls’ to the more appropriate ‘possible controls’, which could possibly allow an organisation to continue using the controls from the 2013 version if they consider them more appropriate.

According to the ISO, voting has only just begun and will continue until April 26th. Therefore, we anticipate that the amendment will be released no sooner than May 2022, after which it will be possible to certify against it (and recertify for those already certified).

There are no definitive dates for the release of this amendment, and the structure is not fully confirmed so the amendment will be subject to change, which we will update you on once we know more. Please keep an eye on our ISO 27001 Controls page for all the latest updates.


If you’d like to find out more about what this means for your existing ISO 27001 and register you interest in upgrading your system once the relevant content is available, you can get in touch with us by emailing [email protected].

Sign up to get the latest in your inbox

    • Email address

About the author

  • Name:

    Jack Rosier

  • Company:

    Citation ISO Certification

  • Bio:

    Jack has worked for Citation ISO Certification since 2022, writing creative and informative content on ISO certification and consultation to help businesses reach their potential.


QMS International use cookies to provide you with a better site experience, enable features and to help us understand how our website is being used.

By continuing, you consent to the use of cookies in accordance with our Cookie Policy

Allow All Cookies

Allow Strictly Necessary Cookies Only