Expert Advice Community

Change Management

Guest user Created:   May 26, 2017 Last commented:   May 26, 2017

Basically, how do you comply with ISMS/27k requirements when you are moving to a new facility with all the old assets from the current facility? Do you have any documents or a set of questionnaires? If you have, please share.

Expert
Rhand Leal May 26, 2017

Answer: Regarding ISO 27001, you have two issues here:
- Clause 8.2 of ISO 27001 says that when significant changes occur, risk assessment needs to be performed.
- Control A.12.1.2 from Annex A requires changes to be managed so you can ensure they are authorized, controlled and risks of problems during the change are minimized.

That said, first you should perform a risk assessment to re-evaluate the risks considering the new location (some new risks may arise, or already identified risks may change values, requiring adjustments in your risk treatment plan). After that, you should proceed with the risk management procedure.

For these two activities, I suggest you take a look at the free demo of these documents:
- Risk Assessment and Risk Treatment Methodology https://advisera.com/27001academy/documentation/risk-assessment-and-risk-treatment-methodology/
- Change Management Policy https://advisera.com/27001academy/documentation/change-management-policy/
- Business continuity plan https://advisera.com/27001academy/documentation/business-continuity-plan/

The risk assessment and treatment methodology can help you to re-evaluate the risks, the change management plan can help you organize the whole change process, and the business continuity plan can help you organize the specific activities related to the change and how to handle potential problems if they occur.

These articles will provide you further explanation about change management:
- ISO 27001 risk assessment & treatment – 6 basic steps https://advisera.com/27001academy/knowledgebase/iso-27001-risk-assessment-treatment-6-basic-steps/
- How to manage changes in an ISMS according to ISO 27001 A.12.1.2 https://advisera.com/27001academy/blog/2015/09/14/how-to-manage-changes-in-an-isms-according-to-iso-27001-a-12-1-2/

These materials will also help you regarding change management:
- Book ISO 27001 Risk Management in Plain English https://advisera.com/books/iso-27001-annex-controls-plain-english/
- Free online training ISO 27001 Foundations Course https://advisera.com/training/iso-27001-foundations-course
