ISO/IEC 27001:2022 – October 2025 Deadline: Have You Considered the Environmental Requirement?

June 11, 2025

ISO27001:2022 Audit Readiness

As we edge closer to the 31 October 2025 deadline for transitioning from ISO/IEC 27001:2013 to the 2022 version, many organisations are rightly focusing on updated controls and audit readiness.


But here’s a crucial question often overlooked:

Have you considered the environmental requirement introduced in the latest standard?


In February 2024, ISO released Amendment 1 to ISO/IEC 27001:2022. It formally integrates climate change considerations into your ISMS requirements. While this isn’t about sustainability reporting or carbon tracking, it is a pivotal shift in how we view information security resilience.


What’s Changed?

Two key clauses now require you to factor in climate risk:


  • Clause 4.1 – Context of the Organization:

You must evaluate whether climate change is a relevant issue for your ISMS.

  • Clause 4.2 – Needs and Expectations of Interested Parties:


You need to assess whether your clients, regulators, or partners have environmental or climate-related concerns that could affect information security.


This “comply or justify” approach means you must document your consideration, even if you determine climate is not relevant.

Practical Implications


If climate change is relevant to your context (e.g. physical risks to data centres, impact on energy infrastructure), you'll need to:


  • Include climate risks in your risk register
  • Update your business continuity plans
  • Strengthen Annex A.7.5 controls (physical/environmental security)
  • Discuss environmental relevance during management review
  • Be prepared to show evidence during your transition audit


Your ISO/IEC 27001:2022 Climate Compliance Checklist


  • Consider climate change in Clause 4.1
  • Review interested party requirements under Clause 4.2
  • Integrate climate-related risks and mitigations
  • Review fire/flood/electrical risk under Annex A
  • Prepare documentation for external audit


Final Thoughts

You don’t need to be a climate expert to comply. But you do need to treat climate change like any other risk, evaluate it, record your position, and take steps if needed.


At Cybergen, we help organisations not only prepare for the ISO/IEC 27001:2022 transition but navigate emerging requirements like this with confidence.

ISO27001 Ready? Find Your Compliance Gaps Before Auditors Do


Don’t wait for an audit to uncover gaps in your ISMS. Our ISO27001 specialists help you identify nonconformities, strengthen documentation, and align with the 2022 standard, including the latest environmental requirements.


Get ahead of the audit, contact us today for an ISO27001 readiness assessment.

Ready to strengthen your security compliance and get audit ready?  Contact us today for more information on our ISO Consultancy Services.


Let's get protecting your business


A person in a suit works at a desk with multiple monitors displaying complex data, charts, and a glowing digital lock.

The Data Security Crisis: How AI, Shadow AI and Insider Risk Are Creating Invisible Breach Paths

April 11, 2026
AI is creating new, invisible data security risks. Learn how shadow AI, insider behaviour, and identity threats are exposing organisations, and how to defend against them.
A hand touching a tablet screen against a blue digital background with a glowing padlock icon.

Identity Is the New Attack Surface: How Cybercriminals Are Bypassing MFA and What Organisations Must Do Next

April 8, 2026
MFA is no longer enough. Discover how attackers bypass identity controls and why intelligence-led security is critical to defending modern organisations.
A digital blue globe surrounded by floating data panels and a network of connected nodes on a black background.

AI-Powered Attacks Are Outpacing Defences, Why Intelligence-Led Security Is the Only Way Forward in 2026

April 6, 2026
AI is accelerating cyber attacks faster than organisations can respond. Discover why intelligence-led security is now critical to defending against real-world threats in 2026.
A person sits at a desk in a dark office, monitoring multiple computer screens displaying code and a large padlock icon.

From Exposure to Exploitation: Why Continuous Threat Exposure Management (CTEM) Is Replacing Traditional Security Testing

April 2, 2026
Traditional security testing is no longer enough. Discover how CTEM helps organisations identify and eliminate real-world attack paths before they are exploited.
A glowing blue digital vortex swirls in a futuristic dark room, surrounded by floating holographic data displays.

Agentic AI and the Rise of Autonomous Cyber Attacks

March 25, 2026
Agentic AI is transforming cybercrime by enabling autonomous attack systems that can plan, adapt, and execute sophisticated cyber campaigns at scale, forcing organisations to rethink traditional defences and prepare for faster, more intelligent threats.
A person sits at a laptop in a dark room with floating, glowing blue digital data panels while two figures stand nearby.

Infostealers: The Malware Economy Powering Today’s Cybercrime

March 22, 2026
Discover how infostealer malware fuels today’s cybercrime economy, harvesting billions of credentials and enabling attackers to access corporate systems with ease.
Two-story glass office building at night with blue lighting, computer screens, and silhouettes of people working inside.

Breaking In Is Dead: Why Identity Has Become the New Cybersecurity Battleground

March 21, 2026
Breaking in is dead. Discover why identity-based attacks are rising, how attackers log in undetected, and what organisations must do to stay secure.
A server room rack projects a glowing blue holographic shield icon and streaming code, both surrounded by digital flames.

Shadow AI: The Fastest-Growing Cybersecurity Threat Most Organisations Cannot See

March 14, 2026
Shadow AI is rapidly becoming one of the most dangerous hidden cybersecurity risks. Discover how unsanctioned AI tools expose data, IP and compliance vulnerabilities.
Blue abstract network of connected points on dark blue background.

AI and the Cybersecurity Frontier: Strategic Insight for CISOs and CTOs

March 10, 2026
Explore how AI is reshaping cybersecurity. Strategic insights for CISOs and CTOs on adaptive defence, AI-driven threats, identity security and future-ready cyber strategy.