+31 (0)73 - 220 2000 | info@brandcompliance.com
English
  • Dutch
  • English
  • Beglië
  • Dutch
  • English
  • Beglië
Brand Compliance
  • Certify
    • ISO 9001
    • ISO 22301 (BCM)
    • ISO 19770-1 (IT-assets)
    • ISO 27001
    • ISO 27017 and ISO 27018
    • BIO
    • ISO 27701 (Privacy)
    • NEN 7510
  • IT Assurance
    • SOC 2
  • Vacancies
  • Knowledge base
  • BC Academy
Contact
  • Information security
    • ISO 19770-1
    • ISO 27001
    • ISO 27017 and ISO 27018
    • ISO 27799
    • BIO
    • NEN 7510
    • SOC 2
    • ISAE 3402
  • Privacy
    • Whitepaper BC 5701
    • AVG standard BC 5701:2023 NL
    • GDPR standard BC 5701:2023 EN
    • GDPR standard BC 5701:2024 EN
    • BC 5701
    • ISO 27701
  • Quality
    • ISO 9001
    • ISO 14001
    • ISO 22301
  • Knowledge base
  • News
  • Academy
    • NIS2 training course
    • ISO 27001 training courses
    • BC 5701 training courses
  • About us
    • Start your certification journey
    • Accreditations
    • Compliment, complaint or tip
    • Privacy Statement
    • Vacancies
    • Contact

Certification process

10
  • Checklist certification
  • Do you have your first audit soon?
  • How long does ISO certification take?
  • What is a certification cycle?
  • Applying for a certification process
  • Initial audit Stage 1
  • Initial audit Stage 2
  • Nonconformities management system
  • Certificate suspended or revoked? This is how you solve it!
  • Transfer of certification

BC 5701

5
  • BC 5701 certification: where do you start?
  • Your record of processing activities and the GDPR
  • Your Data Protection Officer and the GDPR
  • Checklist for your BC 5701 certification
  • Data breach: What is it and how do you prevent it?

General

9
  • SOC 2 or ISAE 3402: which standard suits your organization?
  • The Traffic Light Protocol (TLP): what does it mean for you?
  • The Brand Compliance glossary
  • What is a management system?
  • Internal or external audit?
  • Find out more about internal audits
  • Tips to describe a proper scope
  • Accreditation versus certification
  • The use of certification logos

ISO 27001:2022

3
  • Operational Capabilities: The Backbone of Information Security
  • ISO 27001:2022 – FAQ transition
  • ISO 27001:2022 – Transition process

Whitepapers

2
  • Whitepaper management system audits
  • Whitepaper GDPR Certification Standard and Criteria BC 5701

Best practices

3
  • Mastering GDPR compliance: best practices
  • Excelling in information security: best practices
  • Quality Management: best practices for success

NEN 7510

4
  • Transition to NEN 7510-1:2024
  • NEN 7510 without healthcare institution?
  • How to expand with NEN 7510
  • The differences between ISO 27001 and NEN 7510

NIS2 Directive

2
  • NIS2 liability
  • NIS2 & the Belgian CyberFundamentals
View Categories

ISO 27001:2022 – Transition process

3 min. leestijd

In this article we describe the planned process for the transition from ISO 27001:2017 to ISO 27001:2022. We try to inform you as well as possible about how we deal with offering, planning and conducting audits, issuing certificates and the costs. 

Follow the ISO 27001:2022 transition training

Would you rather be talked through the changes in ISO 27001:2022? An ISO 27001 auditor will explain everything about the changes in this training.

ISO 27001:2022Version 2017 or 2022? 

As of February 1, 2023, we offer new customers proposals for ISO 27001:2022 certification processes. 

Customers who have already received a proposal for ISO 27001:2017 are basically audited against that version of the standard. However, an initial ISO 27001:2017 audit may no longer be performed after 1 May 2024. This means that if you wish to start a certification process after 1 May 2024, you must have set up your management system based on ISO 27001:2022. This also applies to recertifications, these can no longer be performed against the old version of the standard after this date.

Transition audit ISO 27001:2022

If your organization already is certified for ISO 27001:2017, a transition audit must take place to the new version of the standard. Preferably, this transition audit is scheduled as a separate audit, so that both you and the auditor can fully focus on the changes in the management system. 

The following steps must be planned and carried out for the transition audit: 

  • When you are ready (or know when you will be ready) for the audit to take place, please contact us at: planning@brandcompliance.com, +31 (0) 73 220 20 30. Your audit will then be scheduled by a Brand Compliance Customer and Project Coordinator. 
  • You will receive an audit plan with the subjects that will be discussed at least during the transition audit. 
  • The separate transition audit takes 6 hours, for which the agenda below will be used.
    • Opening meeting;
    • Explanation from you on the transition to the new standard;
    • Audit on the changes in the ISMS (gap between ISO 27001:2017 and ISO 27001:2022);
    • Audit on the updated Statement of Applicability;
    • Audit on the update of the risk treatment plan;
    • Audit on the implementation and effectiveness of the new or changed controls chosen by you. You must determine this by means of an internal audit and management review in relation to the new standard;
    • Closing meeting.
  • Our auditor prepares an audit report. 
  • You will receive the report after it has been internally reviewed. 
  • If nonconformities are found, you will be given a term to deal with them. 

When the conditions of ISO 27001:2022 are met, the time has come for you to receive a new certificate! The ISO 27001:2022 certificate will contain the same expiration date as your current certificate. 

Transition activities 

For the above activities, at least one day of work will be delivered; this includes: 

  • The audit (6 hours); 
  • Drafting the report (2 hours); 

After the audit day, the following activities will be carried out for you:

  • The administrative handling of the audit; 
  • The certification process; 
  • Drawing up, registering and issuing the new certificate. 

If nonconformities are found during the audit, Brand Compliance may need more time in total to complete the transition process. 

Transition period ISO 27001:2022

The transition period has an end date of October 31, 2025. If the requirements of the new ISO 27001:2022 are not met at the end of this period, the current certificate will be revoked. 

Additional information 

Any further questions regarding the transition process? View the FAQ or our news article about accreditation. You can also contact Brand Compliance at info@brandcompliance.com on telephone number +31 (0)73 220 2000.

Share This Article :
  • Facebook
  • X
  • LinkedIn
Updated on 4 December 2024
ISO 27001:2022 – FAQ transition

Accreditation

RvA C548Brand Compliance B.V. has accreditation (C548) to certify ISO 27001, ISO 27701 NEN 7510 and ISO 9001 scope 33 information technology and 35 other services.

Brand Compliance B.V.

Hambakenwetering 8D2
5231 DC ‘s-Hertogenbosch

+31 (0)73 220 2000
info@brandcompliance.com

Chamber of Commerce nr.: 32101659
VAT nr.: NL8130.78.854.B01

Brand Compliance Belgie B.V.

Uitbreidingstraat 66
2600 Berchem (Antwerpen)

+32 (0)14 48 0730
be-info@brandcompliance.com

VAT nr.: BE0735.675.516

Brand Compliance Nordics AB

Vasagatan 16 2 TR
111 20 Stockholm

+31 (0)73 220 2015
info@brandcompliance.com

Org.nr: 559238-1387

© Copyright 2025 Brand Compliance