ISO/IEC 27001:2022 – October 2025 Deadline: Have You Considered the Environmental Requirement?

June 11, 2025

ISO27001:2022 Audit Readiness

As we edge closer to the 31 October 2025 deadline for transitioning from ISO/IEC 27001:2013 to the 2022 version, many organisations are rightly focusing on updated controls and audit readiness.


But here’s a crucial question often overlooked:

Have you considered the environmental requirement introduced in the latest standard?


In February 2024, ISO released Amendment 1 to ISO/IEC 27001:2022. It formally integrates climate change considerations into your ISMS requirements. While this isn’t about sustainability reporting or carbon tracking, it is a pivotal shift in how we view information security resilience.


What’s Changed?

Two key clauses now require you to factor in climate risk:


  • Clause 4.1 – Context of the Organization: You must evaluate whether climate change is a relevant issue for your ISMS.
  • Clause 4.2 – Needs and Expectations of Interested Parties: You need to assess whether your clients, regulators, or partners have environmental or climate-related concerns that could affect information security.


This “comply or justify” approach means you must document your consideration, even if you determine climate is not relevant.

Practical Implications


If climate change is relevant to your context (e.g. physical risks to data centres, impact on energy infrastructure), you'll need to:


  • Include climate risks in your risk register
  • Update your business continuity plans
  • Strengthen Annex A.7.5 controls (physical/environmental security)
  • Discuss environmental relevance during management review
  • Be prepared to show evidence during your transition audit


Your ISO/IEC 27001:2022 Climate Compliance Checklist


  • Consider climate change in Clause 4.1
  • Review interested party requirements under Clause 4.2
  • Integrate climate-related risks and mitigations
  • Review fire/flood/electrical risk under Annex A
  • Prepare documentation for external audit


Final Thoughts

You don’t need to be a climate expert to comply. But you do need to treat climate change like any other risk: evaluate it, record your position, and take steps if needed.


At Cybergen, we help organisations not only prepare for the ISO/IEC 27001:2022 transition but navigate emerging requirements like this with confidence.

ISO27001 Ready? Find Your Compliance Gaps Before Auditors Do


Don’t wait for an audit to uncover gaps in your ISMS. Our ISO27001 specialists help you identify nonconformities, strengthen documentation, and align with the 2022 standard, including the latest environmental requirements.


Get ahead of the audit: contact us today for an ISO27001 readiness assessment.

Ready to strengthen your security compliance and get audit ready? Contact us today for more information on our ISO Consultancy Services.

