One revised ISO 27001, three different versions
When a standard is no longer up-to-date, it needs to be revised. This happened with ISO 27001 for information security in 2022. In the years following, the standard received several minor updates, resulting in three different versions: ISO/IEC 27001:2022, ISO/IEC 27001:2023 and ISO/IEC 27001:2024. Below, you can read more about the differences between these versions and what they mean for ISO 27001 (re)certification.
ISO/IEC 27001:2022
In 2022, the revised version of ISO/IEC 27001 was published, featuring significant updates and modernizations to keep up with the rapidly evolving digital security challenges. This version includes 93 controls, divided across four chapters and incorporates new aspects such as data masking and cloud security. Kiwa Netherlands achieved the RvA accreditation ISO 27001:2022 in 2023.
ISO/IEC 27001:2023
In July 2023, the international version ISO/IEC 27001:2022 was specifically approved for Europe as ISO/IEC 27001:2023. The main difference lies in the foreword added to the European version, while the content remains the same as the international standard. You can read more about ISO 27001:2023 below:
ISO/IEC 27001:2024
In February 2024, ISO 27001 Amendment 1 was introduced, focusing on climate change. This addition emphasizes the importance for organizations to integrate climate-related risks into their information security management system. Amendment 1 is also part of ISO’s Harmonized Structure (HS) and therefore also applies to, among others, ISO 9001 and ISO 14001. You can read more about it below:
Which version applies?
ISO 27001 certification is currently issued according to ISO/IEC 27001:2022, including for the 2024 version. Want to know more about the transition to ISO 27001:2022 or the applicable transition period? Check the links below or contact us.
Download the timeline ISO 27001:2022 (version 28 June 2024).