As a result of an ever-changing global digital landscape and evolving cyber threats, cybercrime is growing more severe and sophisticated. To address this evolution and better tackle cybersecurity challenges, the International Organization for Standardization (“ISO”) has updated ISO/IEC 27001 (Information Security Management) and ISO/IEC 27002 (Controls for Information Security). An enhanced scheme, ISO/IEC 27001:2022, has now been introduced, with a structured implementation timeline starting at the end of 2022 and continuing through 2025.

This flyer summarises the changes in the enhanced 27001:2022 scheme compared with 27001:2013 and highlights the requirements and estimated timeline for 27001:2022 certification, both for companies seeking certification for the first time and for currently certified companies. It also details how KPMG can help organisations in areas such as scoping, gap assessment, risk assessment/remediation, and pre-certification/certification in relation to the new scheme.

Henry Shek
Partner, Management Consulting
KPMG China

Brian Cheung
Partner, Management Consulting
KPMG China

Lanis Lam
Partner, Management Consulting
KPMG China
