The ISO/IEC 27001:2022 standard was published on October 25, 2022. The International Accreditation Forum (IAF) outlined the transition requirements for the new version in document MD 26.
According to IAF MD 26:
Certification bodies must complete their accreditation for certification under the new version within 12 months of the standard's publication, before November 1, 2023.
Certification bodies must have completed their clients' transition to ISO/IEC 27001:2022 within 36 months of the standard's publication. Certified bodies must complete their transition by the end of October 2025.
In this context:
The ISO/IEC 27001 Information Security Management System Standard was updated and published in October 2022. A three-year transition period was foreseen, with a deadline of October 31, 2025. ISO/IEC 27001:2013/2017 certificates will no longer be valid after this date.
TRANSITION PLAN TO CHANGES
NETSERT has determined the transition process to ISO/IEC 27001:2022 as follows:
1) Organizations Applying for Certification for the First Time
As of November 1, 2023, the first certification audits will begin to be conducted according to ISO/IEC 27001:2022 (accredited certificates will begin to be issued after NETSERT's accreditation scope is published by TÜRKAK).
Initial certification applications according to ISO/IEC 27001:2013 will be accepted until October 31, 2023. From November 1, 2023 onwards, only initial certification applications according to ISO/IEC 27001:2022 will be accepted.
2) Certified Bodies
All organizations certified by our organization according to ISO/IEC 27001:2013 will undergo surveillance and recertification audits to ensure their existing management systems are compliant with the new version. If the transition is a surveillance audit, one day will be added to the duration of the surveillance audit; if it is a recertification audit, 0.5 days will be added. If a separate transition audit is requested, it will last a minimum of one day. From November 1, 2023 onwards, initial certification and recertification audits will only be conducted according to ISO/IEC 27001:2022.