RIGCERT policy for the transition of certifications to ISO/IEC 27001:2022
6 January 2023

The transition of ISMS certifications to ISO/IEC 27001:2022



On the 25th of October 2022 the new edition of ISO/IEC 27001 (ISO/IEC 27001:2022) was published by the International Organization for Standardization.

This policy details the requirements and arrangements for the transition of accredited ISO/IEC 27001 certifications to the new edition of this standard. The policy is relevant for certified organizations as well as for those organizations looking to obtain the ISMS certification to ISO/IEC 27001.

The transition period began on the 31st of October 2022 and ends on the 31st of October 2025.

RIGCERT will continue to accept applications for ISMS certification according to ISO/IEC 27001:2013 until 01.04.2024. Starting from 01.05.2024 all new certifications and recertifications will have to be in accordance with the 2022 edition of ISO/IEC 27001.

Our ability to provide accredited certification according to ISO/IEC 27001:2022 depends of course on the transition of our accreditation to the new edition of the standard. We are hopeful that we will be able to transition our accreditation in time so that we can provide accredited ISO/IEC 27001:2022 certifications in the first part of 2024.

All existing certifications must be transitioned to the new edition of the standard by the 31st of October 2025.

The assessment for the transition to the new edition of the standard will normally be done during regular surveillance or recertification audits. At the request of the certified organization, the transition assessment can instead be done through a special audit.

The changes brought by this new edition of ISO/IEC 27001 are limited. They mostly concern the information security controls in Annex A of the standard, which now contains 93 controls (instead of 114 in the 2013 edition), grouped into four themes: organizational controls, people controls, physical controls and technological controls.

The transition will require from the certified organizations a gap analysis, revisions to existing ISMS documents (e.g. the Statement of Applicability and the risk treatment plan), the implementation of the additional or modified information security controls and an evaluation of their effectiveness. An internal audit of the ISMS and a management review should also be performed as part of the transition process.

Considering the changes brought by the new standard, we believe that the impact on our clients and their ISMSs is limited, and we consider that the assessment for transition will not require more than 1 supplementary auditor day.

Following the successful evaluation for transition, RIGCERT will issue a new certificate for the ISMS (to ISO/IEC 27001:2022) which identifies the updated version of the Statement of Applicability.

Our online training course on the requirements for an ISMS according to ISO/IEC 27001:2022 is available here.

More information about the transition to ISO/IEC 27001:2022 can be found here.

Frequently Asked Questions

The certification process for management systems involves an initial audit conducted in two stages. The purpose is to verify whether the management system conforms to the applicable requirements.

If the results of the audit are positive, certification is granted. A management system certification is typically valid for three years, during which annual surveillance audits are carried out to ensure continued compliance.

For a management system certification to be recognized and accepted by authorities or business partners, it must be issued by a certification body accredited in accordance with the provisions of Regulation (EC) No. 765/2008.

RIGCERT provides accredited management system certification in accordance with European legislation and the requirements of the International Accreditation Forum (IAF).

Accreditation is the formal recognition of a certification body’s competence to perform audits and issue certifications. In other words, accreditation applies to certification bodies, while certification is the process applicable to organizations seeking to demonstrate conformity with a specific standard (e.g. ISO 9001).

Accreditation provides confidence that a certification is credible and will be accepted by relevant stakeholders, such as clients, regulatory authorities, or business partners.

Within the European Union, the accreditation of certification bodies is carried out exclusively by national accreditation bodies.

A complete list of recognized accreditation bodies in Europe can be found here.

Management system certifications (e.g., ISO 9001, ISO 14001, ISO/IEC 27001) are typically valid for three years.

During this period, the organization must undergo annual surveillance audits to confirm that its management system continues to meet the requirements and that the certification remains valid.

At the end of the three-year cycle, the organization may apply for recertification of its management system.

Yes, management system certifications can be transferred provided that certain conditions are met.

Only certifications issued under accreditation by an IAF member body are eligible for transfer, and the certification must be valid at the time of transfer.

RIGCERT performs a pre-transfer evaluation and reserves the right to accept or decline the transfer request.

Any interested party may submit a complaint regarding a certification issued by RIGCERT or lodge an appeal against a certification decision.

Complaints and appeals can be submitted in various forms (e.g., by email or in writing) and should include sufficient details to allow proper identification of the case.

RIGCERT will investigate the matter and provide a response to the complainant. Depending on the outcome of the investigation, additional actions may be taken.

More information on how complaints and appeals are managed is available in the Rules for Certification.