Press Release

For immediate release: 28 March 2022

Helping businesses get ready for ISO 27001:2022

Businesses that are ISO 27001:2013 certified, working toward ISO 27001 certification (or considering it), need to know about updates to the framework and their impact.

Changes to the longstanding ISO 27001 control framework – that were promised in 2018 – have now arrived. If an organisation is ISO 27001:2013 certified, working toward ISO 27001 certification or thinking about it, they need to know what this means for their data protection certification.

The updates have been a long time coming. The new version of ISO 27002 was finally published on 15 February 2022 and is a precursor to the update to ISO 27001.

Now, businesses will need to make plans to transition to the new standard. Data privacy consultancy and SaaS provider Safe Data Governance have a new solution to help businesses to manage this transition smoothly and cost-effectively.

Their new platform PRISM incorporates all the changes, helping companies with existing ISO 27001 certification to manage their migration to the new version, as well as helping businesses without ISO 27001 to implement the standard.

Director Steve Gibson commented, “This long-awaited update will have many businesses worried about how to either update their existing systems or manage changes to systems still to be implemented. The truth is, that a structured approach to these changes will eliminate a lot of the pain often caused by inexperience and overcomplication of these new requirements. This is exactly what we are set up to help organisations achieve.”

Safe Data Governance will be unveiling PRISM at the IRMS Conference in Glasgow from 15-17 May 2022. This will enable delegates to trial the platform and learn more.

Director Nigel Copp commented, “We are excited to launch PRISM at the IRMS Conference in May. It will enable us to speak in-depth with data consultants and service providers about how PRISM can assist them and their clients, and IRMS gives us the perfect opportunity to present our portal to a much larger audience.

As a previous end client, I have first-hand experience of how difficult and disorganised it can be trying to manage multiple certification disciplines, especially within SMEs where your primary focus needs to be running the business and winning new work.

I have been instrumental in the set-up and development of the PRISM portal and fully understand how a structured intuitive system will help both consultants and business owners to save time and expense. We are now very excited and proud to be delivering our affordable privacy portal, PRISM, to the market at IRMS – please do come and see us at our Stand.”

ISO 27001 Implementation Project Team


What do the changes mean for ISO 27001 certification?

Businesses won’t need to gain new certification for ISO 27001:2022 straightaway. Instead, accreditation bodies will grant a transition period of at least 12 months from the point that new certification schemes become available. This will give organisations time to train staff and update policies and processes.

It is anticipated that any new ISO 27001 certification or audit taking place after March 2023 (where it is envisaged certification bodies will have their new schemes accredited) will use ISO 27001:2022, whereas organisations with existing ISO 27001:2013 systems will have until around Summer 2024 to transition them.

What if businesses are part way through ISO 27001 certification?

Organisations can choose which version of the standard they certify against. It’s still possible to certify against ISO 27001:2013 up until the new ISO 27001:2022 schemes become available, but companies will still need to transition to the new standard by around Summer 2022.

Ultimately this will require additional work, time, and resources, so it’s recommended to certify to the new standard unless you have no choice but to achieve certification before the new schemes become available around March 2023.

How can the transition from ISO 27001:2013 to ISO 27001:2022 be made easier for businesses?

The new platform PRISM incorporates all the new changes and updates.

This brand-new data protection and information security platform enables businesses to manage Cyber Essentials, Information Security ISO 27001 and Data Protection ISO 27701 compliance all in one place.

PRISM is designed to make data protection and cyber security compliance easier to manage, wherever a company is in their compliance journey. It will help companies with existing ISO 27001 to manage the migration to the new version, as well as helping businesses without ISO 27001 to implement the standard.


About Safe Data Governance

Safe Data Governance is a data privacy and compliance consultancy offering software as a service (SaaS). Formed in 2018, the company is based in Northampton and is owned by Directors Steve Gibson and Nigel Copp. With 30+ years of data privacy and compliance experience each, they know and understand the market.

PRISM is an exciting new platform designed to make data compliance easier to manage. The modular system and tiered pricing structure can be scaled to meet the needs of any business, and can be easily adopted by SMEs, micro-businesses or sole traders without breaking the bank.

Learn more at:


To arrange an interview or for more information please Contact Us.