Guest user Created: Jan 12, 2016 Last commented: Jan 12, 2016

2005 revision deadline

My query is that we have engaged auditing body to conduct stage 1 Audit (June, 2014) in our organization. They have conducted audit on ISO 27001:2005 version and shared finding with us for closure, now we are closing stage 1 Audit findings and plan to engage our Auditor for Stage 2 Audit in mid September, 2014. Our consultant said that the BSI restricted to certify by September, 2014 on ISO 27001:2005 after that companies have to certify on new version that is ISO 27001:2013. The confusion is that If we certify on 2005 revision and unfortunately any major non-compliance raise by Auditor which takes 2 month to close for example, then BSI will certify us on 2005 revision or they said that its November, 2014 and the certification on older version was applicable till September, 2014?

0 0

Assign topic to the user

Select user

Guest

DejanK Jan 12, 2016

To be honest, I'm not sure how the certification body will react in this case, but basically I agree with your consultant - certification bodies should not issue certificates according to 2005 revision after September 2014. The best course of action here would be to contact your certification body and ask them about their approach.

Since you will eventually need to transition to 2013 revision, here are the steps you'll need to take: https://advisera.com/27001academy/knowledgebase/how-to-make-a-transition-from-iso-27001-2005-revision-to-2013-revision/

Quote

0 0

Comment as guest or Sign in

HTML tags are not allowed

Name *

Email *

I accept the Privacy and Terms

Notify me when someone replies

Jan 12, 2016

Expert Advice Community