Easy ISO 27001:2022 certification

Trusted, cost-effective support from experienced consultants to help transition to ISO 27001:2022. Find out about our accessible packages.

Trusted Compliance services

CREST approved
PEN TEST approved
Offensive Security OSCP
ISO 27001 Certified
Cyber Essentials Certification
Cyber Essentials Plus Certification

Get a fast ISO 27001:2022 quote

Trusted ISO 27001:2022 compliance

Flexible Service Delivery

Flexible service works around your schedule to minimise disruption to your everyday business

Cost-effective Packages

Get a best-fit service to transition to ISO 27001:2022 with our accessible package

Seasoned Consultants

Everything’s made as easy as possible thanks to our experienced & certified ISO 27001 consultants

End-to-end Compliance Support

Experience a seamless, end-to-end consultancy service from the initial kick-off to certification.

What is ISO 27001:2022?What is ISO 27001:2022?

What is ISO 27001:2022?

ISO 27001:2022 is the latest version of the internationally celebrated ISO 27001 standard. The 2022 version replaces the previous 2013 edition and brings the standard in-line with modern business practices and technologies, such as cloud computing. At its core it’s still the same information security standard, making it a valuable addition to your business.

What’s changed in ISO 27001:2022?

ISO 27001 2022 has updated its controls so it remains relevant to modern business operations. Along with 11 new controls added to the 2022 edition of ISO 27001, the controls have been re-organised so that the total number has decreased from 114 to 93. The controls have also been categorised into four themes to make it easier to organise and implement. The new and updated requirements are referenced in Annex A of ISO 27001:2022, which means that organisations that currently use Annex A controls will need to update their Information Security Management System (ISMS) before being assessed against ISO 27001:2022.

The four themes are:


37 controls

Covers confidentiality, on/off boarding, remote work, and how employees interact with information.


14 controls

Deals with site maintenance and security, physical access to data, and environmental threats


34 controls

Encryption, authentication, access control, and ensuring your technology is appropriate to the task.


8 controls

Policies, use of assets, management, and things that don’t fit into other three themes.

Get certification-ready with BulletproofGet certification-ready with Bulletproof

Get certification-ready with Bulletproof

Our friendly ISO consultants are seasoned compliance experts with extensive experience of providing ISO 27001:2022 compliance services to a wide range of organisations across multiple sectors. We leverage this experience when transitioning your business from 2013 to 2022 version of ISO 27001. Bulletproof will get your organisation ready to certify against the new standard:

  • Understand the scope of the ISMS
  • Conduct risk assessments and review risk management framework
  • Review policies, procedures and documentation
  • Get oversight of non-conformities
  • Flexible gap analysis, implementation and audit plans to work around your busy schedule

Many of our information security consultants also provide valuable on-going ISO support through our popular virtual CISO service.

Find the right ISO 27001:2022 transition package

Get help at every stage of the journey moving your business from ISO 27001:2013 to ISO 27001:2022, with gap analysis, implementation and audit support.

Gap Analysis

Understand where your compliance currently is vs where you need to be

  • Detailed discovery exercise looks at all technical, procedural, & physical security controls
  • Systematic approach ensures all aspects of 27001:2022 are covered
  • Our friendly ISO consultants make it as painless as possible

Gap Analysis & Implementation

Includes everything in a Gap Analysis, plus hands-on help implementing the changes

  • Embed information security controls & ensure they’re effective
  • Included ISO 27001 resources help creating missing policies & procedures
  • Leverages our consultants’ experience across many industries & sectors

Audit Only

If you’re undertaking the gap analysis and implementation work in-house and are confident in your compliance status, we can provide external assurance with a full ISO 27001:2022 audit.

Our auditor will assess your ISMS and Annex A controls to make sure you’re ready for your certification audit.


ISO 27001:2022 FAQs

If you’re part-way through ISO 27001 certification then check with your provider if you’re under the 2013 or 2022 edition of the standard. Bulletproof recommends ISO 27001 certification is carried out under the new 2022 version.

The updated controls of ISO 27001:2022 are outlined in Annex A and covered in much more detail in the supplementary standard ISO 27002. ISO 27002:2022 details how each control works, its aim and objective, and includes implementation advice. For organisations using ISO 27002, Bulletproof offers a dedicated ISO 27002 gap analysis for the new 2022 update.

One of the reasons ISO 27001 certification is so valuable is that it makes a profoundly positive change to your business security. It overlaps with the GDPR in a number of areas and makes GDPR compliance easier:

  • Identify and assess information security risks
  • Implement appropriate controls to mitigate those risks
  • Manage access to personal data
  • Protect personal data from unauthorized access, use, disclosure, alteration, or destruction
  • Respond to data breaches and security incidents

If you currently have the ISO 27001:2013 certification, now is a great time to upgrade to ISO 27001:2022. You don’t have to wait until it’s time for your renewal. If it’s approaching time to renew your ISO 27001 certification then take a look at our packages to see what level of support you need to upgrade from ISO 27001:2013 to ISO 27001 2022.

Annex A of ISO 27001:2022 lists the updated controls that make the new version of ISO 27001 more relevant to modern business operations. The 11 new controls listed in Annex A are:

  • Threat intelligence
  • Information security for the use of cloud services
  • ICT readiness for business continuity
  • Physical security monitoring
  • Configuration management
  • Information deletion
  • Data masking
  • Data leakage prevention
  • Monitoring activities
  • Web filtering
  • Secure coding

Get a fast ISO 27001:2022 quote

One of our expert ISO 27001:2022 consultants will get back to you as soon as possible.

Here’s what our customers say about us

More ISO 27001:2022 learning resources

Bulletproof's security qualifications

ISO 27001
ISO 9001
ISO 27001
ISO 9001
Offensive Azure Security Professional
AWS Certified Cloud Practitioner
Offensive Azure Security Professional
AWS Certified Cloud Practitioner
Certified AppSec Practitioner
HM Government G-Cloud
Crown Commercial Service Supplier
Cyber Essentials
Cyber Essentials
Certified AppSec Practitioner
HM Government G-Cloud
Crown Commercial Service Supplier
Cyber Essentials
Cyber Essentials

Trusted by top brands

Rated 5 stars on Google


Get a fast ISO 27001:2022 quote

Meet & maintain ISO 27001:2022 compliance with trusted compliance consultancy from Bulletproof..

  • Seasoned compliance consultants make the process easy
  • Accessible packages for a best-fit service
  • Cost-effective ISO 27001:2022 compliance
  • Flexible delivery fits around your business
  • End-to-end support through the whole process

Discover more cyber & compliance resources from Bulletproof

Trusted cyber security & compliance services from a certified provider