CAS — Conformity Assessment Services
By CAS — issued under CAS's own authority · ISMS

ISO/IEC 27001:2022 — Information Security

The global benchmark for information security management — updated with Amendment 1:2024. Protect your information assets and demonstrate robust cybersecurity governance to clients and regulators.

Standard

ISO/IEC 27001:2022 + Amd.1:2024

Service type

By CAS

Issued under

CAS — own authority

Standards & technical basis

Certified standard

ISO/IEC 27001:2022 + Amd.1:2024

Certification-body competence

ISO/IEC 17021-1:2015 · ISO/IEC 27006-1:2024

CAS audits and certifies to the requirements of ISO/IEC 17021-1:2015 and ISO/IEC 27006-1:2024 — which sets the requirements for bodies providing audit and certification of information security management systems.

Mark & recognition

Issued by CAS under its own authority — carries the CAS mark and does not bear the EGAC or IAF marks.

What it is

ISO/IEC 27001:2022 specifies requirements for establishing, implementing, maintaining, and continually improving an Information Security Management System (ISMS). It provides a systematic approach to managing sensitive company information so that it remains secure, covering people, processes, and technology.

Who needs it

IT companies, financial institutions, healthcare organisations, government contractors, cloud service providers, and any organisation handling sensitive data — increasingly required by customers, regulators, and data protection frameworks.

Benefits of certification

  • Internationally recognised information security certification
  • Demonstrates commitment to protecting customer and business data
  • Required or preferred by many enterprise and government clients
  • Supports GDPR, NIS2, and local data protection compliance
  • Reduces risk of data breaches, incidents, and regulatory fines
  • Competitive advantage in IT services, fintech, and B2B markets

Frequently asked questions

Common questions

What changed in the 2022 revision?

ISO/IEC 27001:2022 restructured the Annex A controls from 114 to 93, added 11 new controls (covering threat intelligence, cloud security, data masking, etc.), and reorganised them into 4 themes.

How does ISO 27001 relate to GDPR?

ISO 27001 is not a legal requirement for GDPR, but many of its controls directly support GDPR compliance requirements. Certification demonstrates a structured approach to data protection.

Related services

ISO 9001:2015 + Amd.1:2024
Quality Management Systems
ISO/IEC 20000-1:2018 + Amd.1:2024
IT Service Management Systems
ISO 22301:2019 + Amd.1:2024
Business Continuity Management Systems

Ready to certify against ISO/IEC 27001:2022 + Amd.1:2024?

Send us a brief description of your organisation — we’ll come back with a quotation within one working day.
