The ISO/IEC 27001:2022 Information Security Management System (ISMS) standard has been published in October 2022. Organizations currently certified to ISO/IEC 27001:2013 shall have a three-year transition period to migrate to ISO/IEC 27001:2022 standard
The followings are transition arrangements for ISO/IEC 27001:2022 ISMS by Information Security Certification Body (ISCB), CyberSecurity Malaysia:
- New application for ISO/IEC 27001:2013 certification are accepted until 1 Dec 2023. Stage 1 & Stage 2 audit must be conducted by March 2024.
- No new or recertification audit for ISO/IEC 27001:2013 will be conducted after March 2024
- Transition audit to ISO/IEC 27001:2022 will be conducted by June 2025 (for existing clients).
- Transition audit will be conducted either with Surveillance, Recertification or via separate audit. Organizations are required to inform CyberSecurity Malaysia in advance if they plan to do Transition Audit with the Surveillance or Recertification Audit
- If Transition Audit are NOT conducted by 31 Oct 2025, all certificates issued to ISO/IEC 27001:2013 will be withdrawn on 1 Nov 2025.