93 Controls

ISO 27001:2022

Information Security Management System

ISO 27001:2022 is the internationally recognised standard for establishing, implementing, and maintaining an information security management system (ISMS). The 2022 revision streamlines controls from 114 to 93 across four themes.

Ideal For

Technology Companies
Financial Services
Healthcare
Government Contractors

What is ISO 27001:2022?

ISO 27001 is applicable to any organisation, regardless of size, sector, or geography, that wants to establish a systematic approach to managing sensitive company information. It is especially prevalent among technology companies, financial institutions, healthcare providers, and government contractors seeking formal certification.

Key Requirements

Core areas of ISO 27001:2022 that organisations must address.

Establish an Information Security Management System (ISMS)
Conduct information security risk assessments
Implement organisational, people, physical, and technological controls
Define a Statement of Applicability (SoA)
Monitor, measure, and evaluate ISMS performance
Conduct internal audits and management reviews

How GRCTrack Supports ISO 27001:2022

93 controls across 4 themes
Statement of Applicability generator
Risk assessment templates
Internal audit checklists
Management review documentation
Continual improvement tracking

Global Recognition

Demonstrate security commitment worldwide.

Risk-Based Approach

Focus on critical assets and risks.

Certification Ready

Prepare for certification with confidence.
