Trusted ISO 27001:2022 compliance
Flexible Service Delivery
Flexible service works around your schedule to minimise disruption to your everyday business
Cost-effective Packages
Get a best-fit service to transition to ISO 27001:2022 with our accessible package
Seasoned Consultants
Everything’s made as easy as possible thanks to our experienced & certified ISO 27001 consultants
End-to-end Compliance Support
Experience a seamless, end-to-end consultancy service from the initial kick-off to certification.
What is ISO 27001:2022?
ISO 27001:2022 is the latest version of the internationally celebrated ISO 27001 standard. The 2022 version replaces the previous 2013 edition and brings the standard in-line with modern business practices and technologies, such as cloud computing. At its core it’s still the same information security standard, making it a valuable addition to your business.
What’s changed in ISO 27001:2022?
ISO 27001 2022 has updated its controls so it remains relevant to modern business operations. Along with 11 new controls added to the 2022 edition of ISO 27001, the controls have been re-organised so that the total number has decreased from 114 to 93. The controls have also been categorised into four themes to make it easier to organise and implement. The new and updated requirements are referenced in Annex A of ISO 27001:2022, which means that organisations that currently use Annex A controls will need to update their Information Security Management System (ISMS) before being assessed against ISO 27001:2022.
The four themes are:
People
37 controls
Covers confidentiality, on/off boarding, remote work, and how employees interact with information.
Physical
14 controls
Deals with site maintenance and security, physical access to data, and environmental threats
Technological
34 controls
Encryption, authentication, access control, and ensuring your technology is appropriate to the task.
Organisational
8 controls
Policies, use of assets, management, and things that don’t fit into other three themes.
Get certification-ready with Bulletproof
Our friendly ISO consultants are seasoned compliance experts with extensive experience of providing ISO 27001:2022 compliance services to a wide range of organisations across multiple sectors. We leverage this experience when transitioning your business from 2013 to 2022 version of ISO 27001. Bulletproof will get your organisation ready to certify against the new standard:
- Understand the scope of the ISMS
- Conduct risk assessments and review risk management framework
- Review policies, procedures and documentation
- Get oversight of non-conformities
- Flexible gap analysis, implementation and audit plans to work around your busy schedule
Many of our information security consultants also provide valuable on-going ISO support through our popular virtual CISO service.
Find the right ISO 27001:2022 transition package
Get help at every stage of the journey moving your business from ISO 27001:2013 to ISO 27001:2022, with gap analysis, implementation and audit support.
Gap Analysis
Understand where your compliance currently is vs where you need to be
- Detailed discovery exercise looks at all technical, procedural, & physical security controls
- Systematic approach ensures all aspects of 27001:2022 are covered
- Our friendly ISO consultants make it as painless as possible
Gap Analysis & Implementation
Includes everything in a Gap Analysis, plus hands-on help implementing the changes
- Embed information security controls & ensure they’re effective
- Included ISO 27001 resources help creating missing policies & procedures
- Leverages our consultants’ experience across many industries & sectors
Audit Only
If you’re undertaking the gap analysis and implementation work in-house and are confident in your compliance status, we can provide external assurance with a full ISO 27001:2022 audit.
Our auditor will assess your ISMS and Annex A controls to make sure you’re ready for your certification audit.
ISO 27001:2022 FAQs
If you’re part-way through ISO 27001 certification then check with your provider if you’re under the 2013 or 2022 edition of the standard. Bulletproof recommends ISO 27001 certification is carried out under the new 2022 version.
The updated controls of ISO 27001:2022 are outlined in Annex A and covered in much more detail in the supplementary standard ISO 27002. ISO 27002:2022 details how each control works, its aim and objective, and includes implementation advice. For organisations using ISO 27002, Bulletproof offers a dedicated ISO 27002 gap analysis for the new 2022 update.
One of the reasons ISO 27001 certification is so valuable is that it makes a profoundly positive change to your business security. It overlaps with the GDPR in a number of areas and makes GDPR compliance easier:
- Identify and assess information security risks
- Implement appropriate controls to mitigate those risks
- Manage access to personal data
- Protect personal data from unauthorized access, use, disclosure, alteration, or destruction
- Respond to data breaches and security incidents
If you currently have the ISO 27001:2013 certification, now is a great time to upgrade to ISO 27001:2022. You don’t have to wait until it’s time for your renewal. If it’s approaching time to renew your ISO 27001 certification then take a look at our packages to see what level of support you need to upgrade from ISO 27001:2013 to ISO 27001 2022.
Annex A of ISO 27001:2022 lists the updated controls that make the new version of ISO 27001 more relevant to modern business operations. The 11 new controls listed in Annex A are:
- Threat intelligence
- Information security for the use of cloud services
- ICT readiness for business continuity
- Physical security monitoring
- Configuration management
- Information deletion
- Data masking
- Data leakage prevention
- Monitoring activities
- Web filtering
- Secure coding
Get a fast ISO 27001:2022 quote
One of our expert ISO 27001:2022 consultants will get back to you as soon as possible.
Here’s what our customers say about us
ISO 27001 compliance has helped us improve our security investment and build credibility with our global client base, as well as enabled us to successfully win UK Government procurement contracts. Bulletproof made the whole process easy and effortless from start to finish, strengthening our information security and improving our position in the industry.
We work extensively with Bulletproof both with Cyber Essentials and ISO 27001. I always find the team both helpful and knowledgeable.
More ISO 27001:2022 learning resources
Bulletproof's security qualifications
Trusted by top brands
Rated 5 stars on Google
We’ve always been very impressed with the cyber security services Bulletproof provide us. Their professional approach, knowledge and flexibility have ensured they have become a key trusted partner in our supply chain.
Get a fast ISO 27001:2022 quote
Meet & maintain ISO 27001:2022 compliance with trusted compliance consultancy from Bulletproof..
- Seasoned compliance consultants make the process easy
- Accessible packages for a best-fit service
- Cost-effective ISO 27001:2022 compliance
- Flexible delivery fits around your business
- End-to-end support through the whole process
Discover more cyber & compliance resources from Bulletproof
Trusted cyber security & compliance services from a certified provider
