Skip links

ISO/IEC 27001


ISO/IEC 27001 is the international standard that helps organisations manage and protect their information assets and keep them secure, by describing best practice for an Information Security Management System (ISMS). ISO/IEC 27001 certification will help your organisation manage the security of assets. It will also inform your customers that your organisation has defined and implemented effective information security processes; winning their confidence and helping you create a trusting relationship.

Check out our UKAS Schedule to see the extent of our ISO/IEC 27001 UKAS Accreditations


Certified Companies will have until 31st October 2025 (36 months) to update their ISMS and transition their Certification to ISO/IEC 27001:202

All ISO/IEC 27001:2013 certificates will cease to be valid after 31st October 2025

A Certification Body (such as PQAL) will need to conduct a transition assessment within this time period and issue an updated Certificate

The transition assessment will determine whether a company has updated their ISMS to the new requirements of ISO/IEC 27001:2022, including the changes to Annex A controls

Transitions can take place at the time of a Surveillance Audit, a Recertification Audit, or even as a stand-alone Audit. Typically, a transition will require additional Audit Time

It is anticipated that most Certified Companies will choose to conduct their implementation of the new requirements prior to their next audit, to be in line with stakeholder expectations

Please click here to download PQAL’s Guidance on the changes to ISO/IEC 27001

Please click here to download PQAL’s Gap Analysis between ISO/IEC 27001:2013 and ISO/IEC 27001:2022


  • Regulatory compliance. The UK Data Protection Act is just one of many regulations currently pertaining to information security in the UK. ISO/IEC 27001 implementation helps to ensure compliance with all applicable laws and regulations. This reduces the likelihood of fines and other penalties due to non-compliance or the occurrence of a data breach.
  • Data breaches. One data breach can do irreparable damage to your company’s reputation. An ISO/IEC 27001 audit helps you limit the possibility of a breach by identifying the areas in which you are most vulnerable. It also provides a sound information management security risk framework. As mentioned, adhering to ISO/IEC 27001 standards reduces the likelihood of incurring fines or facing criminal prosecution due to non-compliance with any applicable laws and regulations.
  • Low risk management confidence. How confident are you in your organization’s ability to effectively manage data/information security risks? ISO/IEC 27001 registrations provide companies with an effective framework for identifying risks and threats, as well as for establishing the appropriate internal controls for minimising or even eliminating them. This will give you and your stakeholders greater assurance that you are doing everything possible to safeguard your organization’s vital information.
  • Access to information. A critical element of any data security effort is effectively controlling who has access to information at any given time. ISO/IEC 27001 certification provides a framework for ensuring that all authorized users can get the information they need when they need it, while also preventing unauthorized users from accessing private or confidential data. This also helps to establish stakeholder trust and credibility, while enhancing your company’s recovery operations in the event of a breach or other catastrophic event.
  • Meeting high customer expectations. Understandably, your customers are likely to have high expectations in terms of protecting their private or sensitive information. ISO/IEC 27001 standards act as a blueprint for establishing customer-friendly policies and procedures that reduce your company’s risk of a breach, helping to put your customers’ minds at ease. This can be advantageous in terms of improving customer retention and generating new business. It can also reduce the level of third-party scrutiny regarding your information security practices.
  • Creating a security mindset. Information security must be a point of focus for every member of your organization. The action of ISO/IEC 27001 implementation sends a clear message throughout your organization that security is a top priority. By increasing awareness, you’ll be helping to establish a security mindset that will spread to every level of your company, which can also reduce the likelihood of staff-related security breaches.

PQAL’s Current ISO/IEC 27001 UKAS Accreditations:

Agriculture, Forestry and Fishing Activities UKAS Accreditation Granted (Full)
Mining and Quarrying Activities UKAS Accreditation Granted (Full)
Manufacture of Food Products, Beverages and Tobacco UKAS Accreditation Granted (Full)
Manufacture of Textiles and Textile Products UKAS Accreditation Granted (Full)
Manufacture of Leather and Leather Products UKAS Accreditation Granted (Full)
Manufacture of Wood and Wood Products UKAS Accreditation Granted (Full)
Manufacture of Pulp and Paper Products UKAS Accreditation Granted (Full)
Publishing Activities UKAS Accreditation Granted (Full)
Printing Activities UKAS Accreditation Granted (Full)
Publishing Activities UKAS Accreditation Granted (Full)
Manufacture of Coke and Refined Petroleum Products UKAS Accreditation Granted (Full)
Manufacture of Nuclear Fuel UKAS Accreditation Granted (Full)
Manufacture of Chemicals, Chemical Products and Fibres UKAS Accreditation Granted (Full)
Manufacture of Pharmaceuticals UKAS Accreditation Granted (Full)
Manufacture of Rubber Products UKAS Accreditation Granted (Full)
Manufacture of Plastic Products UKAS Accreditation Granted (Full)
Manufacture of Non-Metallic Mineral Products UKAS Accreditation Granted (Full)
Manufacture of Concrete, Cement, Lime, Plaster UKAS Accreditation Granted (Full)
Manufacture of Basic Metals and Fabricated Metal Products UKAS Accreditation Granted (Full)
Manufacture of Machinery and Equipment UKAS Accreditation Granted (Full)
Manufacture of Electrical and Optical Equipment UKAS Accreditation Granted (Full)
Shipbuilding Activities UKAS Accreditation Granted (Full)
Aerospace Activities UKAS Accreditation Granted (Full)
Manufacture of Transport Equipment UKAS Accreditation Granted (Full)
Manufacturing Not Elsewhere Classified UKAS Accreditation Granted (Full)
Recycling Activities UKAS Accreditation Granted (Full)
Electricity Supply UKAS Accreditation Granted (Full)
Gas Supply UKAS Accreditation Granted (Full)
Water Supply UKAS Accreditation Granted (Full)
Manufacture of Activities UKAS Accreditation Granted (Full)
Construction UKAS Accreditation Granted (Full)
Wholesale and Retail Trade UKAS Accreditation Granted (Full)
Hotels and Restaurant Activities UKAS Accreditation Granted (Full)
Transport, Storage and Communication Activities UKAS Accreditation Granted (Full)
Financial Intermediation, Real Estate, Renting Activities UKAS Accreditation Granted (Full)
Information Technology Activities UKAS Accreditation Granted (Full)
Engineering Services UKAS Accreditation Granted (Full)
Other Services UKAS Accreditation Granted (Full)
Public Administration Services UKAS Accreditation Granted (Full)
Education Activities UKAS Accreditation Granted (Full)
Health and Social Work Activities UKAS Accreditation Granted (Full)
Social Service Activities UKAS Accreditation Granted (Full)

How can we help you?

Contact us at the PQAL Office nearest to you or send us an email

Contact Us