Blue Goat Cyber℠ · Medical Device Cybersecurity
    Oct 31, 2025 · ISO/IEC · Standard transition · Active · Medium impact

    ISO/IEC 27001:2022 transition deadline passes

    Organizations still certified to ISO/IEC 27001:2013 lost certification on 31 October 2025. Hospitals expect the 2022 control set (including A.8 secure development, A.5.7 threat intelligence) in procurement.

    What changed

    • Annex A reorganized into 4 themes with 11 net-new controls (threat intelligence, ICT readiness, secure development, monitoring).
    • Certification bodies stopped 2013 audits after the transition date.

    Action for manufacturers

    If you appear in a hospital procurement with a 2013-era certificate, the buyer will treat it as expired. Renew under 2022 and update your MDS2/security questionnaire references.

    Primary sources
