Compliance with ISO 27001:2022
Hi Dejan,
Thank you for your email.
I have a few questions that you might be able to answer with regard to what we currently have and what we need to fully comply with ISO 27001:2022.
Our current situation is as follows:
ISO 27001:2013 is valid from August 2021 to August 2024
First Surveillance/Maintenance Audit was completed
2nd Surveillance/Maintenance Audit is scheduled for 2023
Recertification Audit is scheduled for 2024
The question is
Should we start implementing ISO 27001:2022 after the 2nd Surveillance/Maintenance Audit for ISO 27001:2013 and then apply for Certification Audit for ISO 27001:2022 in 2024?
or
Should we start implementing ISO 27001:2022 immediately and then apply for Certification Audit for ISO 27001:2022 in 2023? – is this even an option? Or do we need to complete the 3-year cycle?
Staff training course/certificate completed
ISO 27001:2013 Lead Auditor Course
ISO 27001:2013 Internal Auditor Course
The question regarding these courses/certificates is: in order to have ISO 27001:2022 Certification, will we just need to take a course + exam on the ISO 27001:2022 Foundation Course?
For example:
ISO 27001:2013 Lead Auditor Course + ISO 27001:2022 Foundation Course = ISO 27001:2022 Lead Auditor Course Certificate
ISO 27001:2013 Internal Auditor Course + ISO 27001:2022 Foundation Course = ISO 27001:2022 Internal Auditor Course Certificate
Also, last year (2021), our company purchased the ISO 27001:2013 toolkit. Is there an upgrade option to ISO 27001:2022 and/or guidance on what document(s)/process(es) we need to change or document(s)/process(es) we need to create?
1 - The question is
1. Should we start implementing ISO 27001:2022 after the 2nd Surveillance/Maintenance Audit for ISO 27001:2013 and then apply for Certification Audit for ISO 27001:2022 in 2024?
or
2. Should we start implementing ISO 27001:2022 immediately and then apply for Certification Audit for ISO 27001:2022 in 2023? – is this even an option? Or do we need to complete the 3-year cycle?
Answer: Please note that for companies that are already certified against ISO 27001:2013, the transition to ISO 27001:2022 needs to be completed by October 31, 2025.
Considering that, both alternatives are applicable; you should consider available resources (e.g., personnel, money, etc.) and business strategy and objectives to select an alternative.
In case you do not have any urgent reason to make the transition, then you should go for implementing ISO 27001:2022 after the 2nd Surveillance/Maintenance Audit for ISO 27001:2013 and then apply for Certification Audit for ISO 27001:2022 in 2024 because in this scenario you will have more time.
2. Staff training course/certificate completed
ISO 27001:2013 Lead Auditor Course
ISO 27001:2013 Internal Auditor Course
The question regarding these courses/certificates is: in order to have ISO 27001:2022 Certification, will we just need to take a course + exam on the ISO 27001:2022 Foundation Course? For example:
a. ISO 27001:2013 Lead Auditor Course + ISO 27001:2022 Foundation Course = ISO 27001:2022 Lead Auditor Course Certificate
b. ISO 27001:2013 Internal Auditor Course + ISO 27001:2022 Foundation Course = ISO 27001:2022 Internal Auditor Course Certificate
Answer: For certification purposes, you will need to consider training and certifications related to the 2022 version of ISO 27001.
Please note that some training providers may offer upgrade courses related to changes in the standard, so you won’t need to go through all the certification processes. You should contact your training provider to clarify this information.
Advisera will offer the ISO 27001:2022 Transition Course for all of its students with ISO 27001:2013 certificates - once this transition course and exam are completed, we will issue the new ISO 27001:2022 certificate - for example, a person having the ISO 27001:2013 Lead Auditor Certificate will receive the ISO 27001:2022 Lead Auditor Certificate.
3. Also, last year (2021), our company purchased the ISO 27001:2013 toolkit. Is there an upgrade option to ISO 27001:2022 and/or guidance on what document(s)/process(es) we need to change or document(s)/process(es) we need to create?
Answer: Customers who have bought the toolkit up to one year before the release of the new version of ISO 27001:2022 (October 25th, 2022) will receive the updated documents at no cost. If you purchased the toolkit before that date, we will send you a discount code for the purchase of the 2022 revision of the toolkit.
Nov 08, 2022