Skip to content
27kay27kay

ISO 27001:2022 Migration: Free Notion Template

(updated: ) · 4 min read · 27kay
ISO 27001ISMScompliancecertification

A mapping tool for the 2013-to-2022 transition

The ISO 27001:2022 transition deadline passed in October 2025, and certified organizations should now be operating under the current version. But a structured mapping between the old and new control sets remains useful - for organizations completing late transitions, for new implementations that reference legacy documentation, and for anyone who wants to understand exactly how the 93 controls in the 2022 version relate to the 114 controls in the 2013 version.

We built a free Notion template that consolidates everything you need for this mapping in one place. Whether you are still finishing your transition or starting fresh with the 2022 version, the template gives you a practical reference for understanding and implementing the changes.

What the template includes

The template is organized around four areas that matter most during a migration:

Clause-by-clause change summaries. High-level summaries of what changed in each ISMS clause (4 through 10) between the 2013 and 2022 versions. These cover the additions to Clause 4.2 (interested parties analysis), the new Clause 6.3 (planning of changes), updates to Clause 8.1 (operational planning), and the reordering of Clause 10.

Side-by-side control mapping. A complete mapping from the old 114 controls across 14 domains to the new 93 controls across four themes (organizational, people, physical, technological). This shows you which controls merged, which were renamed, and which are entirely new. The 11 new controls - including threat intelligence, cloud security, data leakage prevention, and secure coding - are highlighted with implementation context.

Merged control tracker. The 2022 version consolidated 57 controls from the 2013 version through merging. The template tracks each merge so you can verify that your existing control implementations still satisfy the requirements under their new combined control numbers.

Implementation guidance. For each changed or new control, the template includes brief implementation notes - what evidence auditors expect, which policies or procedures need updating, and how to assign responsibility across your team.

How to use the template

The template works as a migration project tracker. Here is a practical approach:

Gap analysis. Start by comparing your current Statement of Applicability against the 2022 control structure. The side-by-side mapping shows where your existing controls carry over directly and where gaps exist. Focus on the 11 new controls - these are the areas where you most likely need new risk assessments and control implementations.

Documentation updates. Use the clause summaries to identify which of your ISMS documents need revision. At minimum, your SoA needs remapping, your information security policy should reference the current standard version, and any procedures tied to specific control numbers need updating.

Team coordination. The implementation notes suggest how to distribute work across your team. In a small organization, one person might handle all documentation updates while another focuses on implementing new technical controls. In larger teams, you can assign control themes (organizational, people, physical, technological) to different owners.

Audit preparation. Track your progress through the template so you have a clear record of what changed, when, and why. This becomes useful evidence during your next surveillance or recertification audit - auditors want to see that the transition was planned and systematic, not a last-minute rush.

When this template is still useful

Even though the formal transition deadline has passed, organizations find the template valuable in several situations:

Late transitions. Some organizations - particularly those with certification cycles that extended into late 2025 - are still completing their transition. The template provides the structured approach needed to finish the work systematically.

New implementations. If you are implementing ISO 27001 for the first time using the 2022 version, the mapping helps you understand the standard’s history. Many guides, courses, and reference materials still use 2013 terminology and control numbering. The template bridges that gap.

Reference material. When reviewing legacy risk assessments, audit reports, or supplier certifications that reference 2013 control numbers, the mapping lets you quickly translate to the current equivalent.

Get the template

The Notion template is free - no signup or email required. We built it because migration should not be harder than it needs to be.

Get the ISO 27001:2022 Update Kit on Notion - duplicate it to your own workspace and start mapping. If you have questions about your specific migration situation, reach out and we are happy to help.

How 27kay can help

We help organizations with ISO 27001 implementation and migration - from gap analysis through certification. If your transition is still in progress, we can assess where you stand and build a realistic plan to complete it. If you are starting fresh with the 2022 version, we will get your ISMS right from the start.

Need help with your ISO 27001:2022 transition? Let’s talk - we will give you an honest assessment of what is left to do.