Briefing on the New Revision of the Information Security Management System ISO/IEC 27001:2022

Notification on Transition to Information Security Management System Standard (ISO/IEC 27001:2022)

As you may be aware, the Information Security Management System Standard ISO/IEC 27001:2022 has been published in October 2022. Organization currently certified to ISO/IEC 27001:2013 shall have a three-year transition period to migrate to ISO/IEC 27001:2022 standard. As such, all certificates issued to ISO/IEC 27001:2013 shall no longer be valid after 29 October 2025.

SIRIM QAS International’s implementation plan for transition shall be as follows:

  • For existing certifications
  1. SIRIM QAS International shall carry out upgrade audits in conjunction with the annual Surveillance or Recertification Audits, as they become due during this period. Please note that the opportunity to upgrade shall be available during our Surveillance or Recertification Audits carried out starting from 1 March 2023 until the end of the three-year transition period.
  2. It is anticipated that for most organizations an additional of one (1) audit day will be required if the upgrade audit is carried out in conjunction with a Surveillance Audit and no additional audit day is required for Recertification Audit. In exceptional cases, when requested by the client, special upgrade audits may be carried out with additional of one (1) audit day. Organizations are required to inform SIRIM QAS International in advance of their Surveillance or Recertification Audit of their intention to use the audit for the purpose of upgrading their certificate
  3. SIRIM QAS International has decided that all Surveillance Audits or Recertification Audits which became due after 29 October 2025 will be carried out to the new version of the standard.
    Note: The validity period of the certificate for the transition audit will be following the existing cycle of the certification
  • For new applications
  1. As the 2013 and 2022 versions of ISO/IEC 27001 standards will continue to be valid during the transition period, it is still possible for organizations to continue to seek and obtain certification to ISO/IEC 27001:2013 standard. SIRIM QAS International shall continue to process applications to the 2013 version of the standard until 30 October 2023. Effectively, this means that there will be no more Stage 1 and Stage 2 Audits to ISO/IEC 27001:2013 standard after 1 November 2023.
  2. Organizations that have already applied for certification to the ISO/IEC 27001:2013 but have yet to undergo Stage 1 Audit, may request for the audit to be carried out to ISO/IEC 27001:2022. New quotation will be issued based on the new standard, however there will be no change to the applicable audit days.
  3. If the organization has already undergone a Stage 1 Audit to the ISO/IEC 27001:2013 but subsequently decides to seek certification to ISO/IEC 27001:2022, they can proceed to Stage 2 Audit with an additional of one (1) audit day. New quotation will be issued to reflect the changes.
  • Briefing session
  1. In order to ensure that all our clients understand the changes that have been made and are clear about the proposed transition arrangements, SIRIM QAS International will be holding a half-day briefing as below:


  • 2 February 2023, Thursday at Auditorium Dato Yahya, SIRIM Berhad
  • 28 February 2023, Tuesday at Sunway Hotel Seberang Jaya, Penang

Click the below link for details and registration:

  • Participation is free of charge and limited to two (2) persons/ organizations.
  • Registration is on a first-come-first-served basis.
  • Enquiries & Correspondence, please contact.
    1) Pn. Sharifah Faizah Syed A. Bakar, Tel: 03-5544 5077 or Email:
    2) Pn. Siti Sarah Hasbullah, Tel: 03-5544 5027, Email:
  • Closing date is one (1) week before each actual date of the briefing session

SIRIM QAS International hopes that organizations will take the earliest possible opportunity, and not wait until the end of the transition period to be audited for the purpose of upgrading of their certificates.

For further clarification, please contact Pn Fauziah Bt Sulaiman (Head, Services Section) at 03-55446427/ 012-3835104 or Pn Sazlin Bt Alias (Group Leader, Services Section) at 03-55445606/ 012-4335477 or visit our website for more information on these update seminars.

We would like to thank you for your continuous support of our certification services.


  • Notification on Transition to Information Security Management System Standard (ISO/IEC27001:2022)