Back in 2023, we highlighted that the mandatory transition from ISO 27001:2013 to ISO 27001:2022 was going to come around quickly. But, in a world of competing priorities, we know it’s difficult to make information security top of the pile. If you still have some work to do, PGI’s ISO 27001 experts are here to guide you through this change with practical, expert-led support tailored to your needs.
As a quick recap, if your organisation is currently certified to ISO 27001:2013, you have until 31 October 2025 to make the switch to ISO 27001:2022. That might sound like plenty of time, but the transition process can take several months depending on the size and complexity of your ISMS.
While the foundational structure of ISO 27001 stays the same, the 2022 revision brings a few important updates. These reflect changes in the way businesses operate today, and the growing need to protect data across increasingly digital, decentralised environments.
Here are the key elements that have changed:
As an Information Security consultant, I believe these changes are a step in the right direction. They reflect a better alignment with today’s threat landscape and the way modern organisations actually operate, especially when it comes to supply chain security, which has become one of the most critical risk areas in recent years. The streamlined controls are a win for implementation efficiency, which saves time and, importantly, money.
Transitioning to ISO 27001:2022 is not just about ticking boxes; it’s about understanding how the changes impact your organisation and ensuring your ISMS remains effective and future-proof (and importantly, useful for your organisation, because ISO 27001 should work for you, not the other way around).
Here’s how we can help:
At PGI we don't just tick off a checklist. We combine deep technical knowledge with a clear understanding of business priorities. Our team includes experienced ISO 27001 Lead Auditors and Implementers, and we have supported organisations across critical sectors including Finance, Defence, Government, and Tech.
With the 31 October 2025 deadline fast approaching, now is the time to act. Whether you are looking for a light-touch advisory service or hands-on implementation support, we’re ready to help.
Get in touch with us today to get started.