ISO/IEC 27001:2022 – October 2025 Deadline: Have You Considered the Environmental Requirement?

June 11, 2025

ISO27001:2022 Audit Readiness

As we edge closer to the 31 October 2025 deadline for transitioning from ISO/IEC 27001:2013 to the 2022 version, many organisations are rightly focusing on updated controls and audit readiness.


But here’s a crucial question often overlooked:

Have you considered the environmental requirement introduced in the latest standard?


In February 2024, ISO released Amendment 1 to ISO/IEC 27001:2022. It formally integrates climate change considerations into your ISMS requirements. While this isn’t about sustainability reporting or carbon tracking, it is a pivotal shift in how we view information security resilience.


What’s Changed?

Two key clauses now require you to factor in climate risk:


  • Clause 4.1 – Context of the Organization: You must evaluate whether climate change is a relevant issue for your ISMS.
  • Clause 4.2 – Needs and Expectations of Interested Parties: You need to assess whether your clients, regulators, or partners have environmental or climate-related concerns that could affect information security.


This “comply or justify” approach means you must document your consideration, even if you determine climate is not relevant.

Practical Implications


If climate change is relevant to your context (e.g. physical risks to data centres, impact on energy infrastructure), you'll need to:


  • Include climate risks in your risk register
  • Update your business continuity plans
  • Strengthen Annex A.7.5 controls (physical/environmental security)
  • Discuss environmental relevance during management review
  • Be prepared to show evidence during your transition audit


Your ISO/IEC 27001:2022 Climate Compliance Checklist


  • Consider climate change in Clause 4.1
  • Review interested party requirements under Clause 4.2
  • Integrate climate-related risks and mitigations
  • Review fire/flood/electrical risk under Annex A
  • Prepare documentation for external audit


Final Thoughts

You don’t need to be a climate expert to comply. But you do need to treat climate change like any other risk: evaluate it, record your position, and take steps if needed.


At Cybergen, we help organisations not only prepare for the ISO/IEC 27001:2022 transition but navigate emerging requirements like this with confidence.

ISO27001 Ready? Find Your Compliance Gaps Before Auditors Do


Don’t wait for an audit to uncover gaps in your ISMS. Our ISO27001 specialists help you identify nonconformities, strengthen documentation, and align with the 2022 standard, including the latest environmental requirements.


Get ahead of the audit: contact us today for an ISO27001 readiness assessment.

Ready to strengthen your security compliance and get audit ready? Contact us today for more information on our ISO Consultancy Services.

