How can Cyberfort help?
If your organisation needs to transition
For organisations with existing ISO 27001 certification, a generous amount of time has been given to transition to the new standard (October 2025), but there is work to do here. Eleven new controls have been added, many have been merged, and the overall number of controls has dropped from 114 to 94. In addition to the work on the framework, the detail of the management standard has had small shifts that many organisations could miss.
Cyberfort would caution against complacency when considering the timeline but recognise that your business will also be evolving and will have competing demands and needs. Our consultants have already been working with the new standard and supporting clients with implementation and transition.
Cyberfort have a simple process, delivered by experienced security consultants and ISO specialists, which will establish your current position and take you through the new clauses and controls as well as the realignment activity that is required. This 4-day process will gather information around your current ISO and will provide you with a Statement of Applicability aligned to the 2022 standard and an ISO Readiness Report, internally reviewed by an accredited Lead Auditor for the new standard, which you can utilise to achieve a successful transition.
Whilst there are always challenges for every organisation, we will support your transition, and with our experience and expertise your certification will be in trusted hands.
If your organisation is considering certification for the first time
If your organisation is considering certification to a standard, then the framework and certification choice may initially seem challenging, but it will always depend on the nature of the organisation, its use of technology and its services. ISO 27001 is still the broadest framework that considers new approaches; it can be applied to organisations of all sizes and, as an international standard, it is still the most recognisable.
Cyberfort have an experienced team of consultants who have worked with the ISO standard, including the 2022 version, as well as other frameworks (if you decide ISO is not the right one for you). They can provide step-by-step support to a business that is beginning its ISO 27001 journey, taking you through six clearly documented phases of progression from Discovery to Certification.
Summary of Changes
- Definition of processes required to implement ISMS
- Communication of organisational roles
- Planning of change
- How to communicate
- Further operational process criteria
- Needs of interested parties
- Structure consolidated from 14 areas to 4
- Controls list has reduced from 114 to 93 (some have been merged, 11 controls are new and some have been removed)
- Attributes have been introduced to provide different insights
- Data Loss Prevention
- Threat Intelligence
- Cloud Security
- ICT Readiness for Business Continuity
- Physical Security Monitoring
- Configuration Management
- Information Deletion
- Data Masking
- Monitoring activities
- Secure coding
- Type: Preventative, Detective, Corrective
- Property – Traditional CIA
- CS Connect; NIST – Identify, Protect, Detect, Respond, Recover
- Operational – similar to previous ISO groupings
- Governance; Protection, Defence, Resilience