ISO 27001

Information Security Management System

Every day, your organisation is surrounded by a wide variety of confidential information and data which have to be protected against the growing threat from cyber attacks and data theft. Responsible handling of information is therefore more important than ever, and the aspects of confidentiality, availability and integrity are becoming increasingly significant.

A well-functioning information security management system (ISMS) supports your organisation in closing loopholes within the IT structures and minimising data security risks. The criteria for establishment, implementation, operation, surveillance and continuous improvement of a documented ISMS are defined by the globally recognised ISO 27001 Standard.

With certification according to ISO 27001, you can provide objective and credible evidence of the effectiveness of your information security management system (ISMS), as the globally recognised standard defines the requirements for establishment, implementation, documentation and improvement of an ISMS. Existing risks for your organisation are identified, analysed and then eliminated based on effective and appropriate measures. This means you can protect your confidential data and improve the integrity and availability of your IT systems.

New ISO 27001:2022 & Its Transition Period

To address global cybersecurity challenges and improve digital trust, a new and improved version of the standard, ISO/IEC 27001:2022, was published on Oct 25, 2022, replacing ISO/IEC 27001:2013.

Below are the transition policies following the upgraded standard:

1. For our new clients:

A. Starting Oct 25, 2023, new clients will be audited for certification using ISO/IEC 27001:2022.
B. For new clients who are still audited using ISO/IEC 27001:2013 before Oct 25, 2023, the certificate will be valid only until Oct 25, 2025. Before it expires, you need to undergo an upgrade audit, and a new certificate will be issued with its actual validity date.

| Client A | 1st Year | 2nd Year | 3rd Year | 4th Year |
|---|---|---|---|---|
| Audit standard | Audited using ISO/IEC 27001:2013 | Audited using ISO/IEC 27001:2013 | Upgrade – Audited using ISO 27001:2022 | Audited using ISO/IEC 27001:2022 |
| Certification Audit – stage 1 | 10 – 11 Jan 2023 | | | |
| Certification Audit – stage 2 | 22 – 24 Jan 2023 | | | |
| Surveillance Audit – 1 | | 22 – 24 Jan 2024 | | |
| Surveillance Audit – 2 | | | 22 – 24 Jan 2025 | |
| Recertification Audit | | | | 22 – 24 Jan 2026 |
| Certification Decision | 24 Mar 2023 | | 24 Mar 2025 | 24 Mar 2026 |
| Output Certificate | ISO/IEC 27001:2013, valid from 24 Mar 2023 to 25 Oct 2025 (the actual validity of the certificate is 23 Mar 2026) | | ISO/IEC 27001:2022, valid from 25 Oct 2025 to 23 Mar 2026 | ISO/IEC 27001:2022, valid from 24 Mar 2026 to 23 Mar 2029 |

2. For our existing clients:
The transition period will run until Oct 25, 2025.

Varied benefits

Here’s how ISO/IEC 27001 will benefit your organization: 

  • Secure information in all forms, including paper-based, cloud-based and digital data 
  • Increase resilience to cyber-attacks 
  • Provide a centrally managed framework that secures all information in one place 
  • Ensure organization-wide protection, including against technology-based risks and other threats 
  • Respond to evolving security threats 
  • Reduce costs and spending on ineffective defence technology 
  • Protect the integrity, confidentiality and availability of data.

Our know-how for your success

TÜV NORD is a well-established and reliable partner for inspection and certification services. Our experts and auditors have extensive knowledge based on experience and are generally permanently employed by TÜV NORD. This guarantees independence and neutrality, and also means we can offer continuity in supporting our clients. The benefit to you is clear: our auditors accompany and support the development of your company and provide you with objective feedback.

Contact Us

Arkadia Green Park, Tower F 6th Floor, Suite 602-604, Jl. TB. Simatupang Kav.88, Kebagusan, Pasar Minggu, 12520 Jakarta Selatan

Tety Yohanti
Sales Manager
Certification Services