ISO/IEC 27001

The more sensitive the data in your organisation, the more important the role information security plays in your daily workflow. Information is an asset these days. If it is stolen, lost, mishandled, inadequately protected, or you are unaware of the information you hold, you could be in big trouble. It can also lead to unstable business operations and, eventually, loss of reputation in the market.

To avoid all this, ISO/IEC 27001 gives you a framework to help you manage, control and protect all the information assets you hold. An organisation that puts this system in place is exposed to constant reviews that improve the organisation not only for today, but for tomorrow as well.

By becoming certified, you will enjoy greater trust from all stakeholders and a higher profile in the market.

The standard helps to make the information security system part of your organisation’s normal processes and general management, and ensures that the implementation of the system is in line with the organisation’s needs and operations. This makes information security an important pillar in your organisation, helping to design all processes, information systems, resources and the implementation of appropriate controls.

The design and operation of the system should reflect the information security interests and requirements of all stakeholders within and outside the organisation, including suppliers, business partners, owners, shareholders, customers and others important to the organisation.

• ISO/IEC 27701 – Extension to ISO/IEC 27001 and ISO/IEC 27002 for Privacy Information Management – Requirements and Guidelines
• ISO/IEC 27017 – Rules of Conduct for Information Security Control based on ISO/IEC 27002 for Cloud Services
• ISO/IEC 27018 – Good practice guidelines for the protection of personal data on public networks

ISO/IEC 27001 is intended for all organisations, regardless of type, size or activity, and is suitable for both the public and private sectors.

The standard is particularly recommended for organisations whose work involves the management of highly complex, innovative and critical processes for the smooth operation of the economy, or the processing of extremely large amounts of data, such as:

• various IT companies,
• ICT companies,
• organisations falling under critical infrastructure,
• organisations identified as essential and relevant entities under information security legislation,
• various governmental and financial institutions,
• organisations where special types of personal data are processed.

Previous edition of the standard:	New edition of the standard:
ISO/IEC 27001:2013	ISO/IEC 27001:2022
Status: Withdrawn	Status: Published 25/10/2022

• Obtaining new certificates:

From 01/05/2024, organisations can only be certified to the new edition of ISO/IEC 27001:2022.

• Existing certificates:

As of 31/10/2025, all valid ISO/IEC 27001:2013 certificates will be automatically revoked if organisations do not migrate to the new edition of ISO/IEC 27001:2022.

• Migration to the new edition:

Organisations can already transition to the new edition of the standard during a periodic or separate, i.e. transitional, renewal audit. As of 01/05/2024, for organisations that have a planned implementation:

• in case of renewal audits, it is mandatory to carry out a simultaneous transition to the new edition of the standard;
• in case of periodic audits, the transition is mandatory, but no later than 31/10/2025.

Why SIQ?

• Integrated solutions
• Professionalism and expertise
• Independence and impartiality