Compliance with ISO 27001:2022

1 - The question is 

1.       Should we start implementing ISO 27001:2022 after the 2nd Surveillance/Maintenance Audit for ISO 27001:2013 and then apply for Certification Audit for ISO 27001:2022 in 2024? 

or 

2.       Should we start implementing ISO 27001:2022 immediately and then apply for Certification Audit for ISO 27001:2022 in 2023? – is this even an option? Or we need to complete the 3-year cycle 

Answer:   Please note that for companies that are already certified against ISO 27001:2013, the transition to ISO 27001:2022 needs to be completed by October 31, 2025.

Considering that, both alternatives are applicable, you should consider available resources (e.g., personnel, money, etc.) and business strategy and objectives to select an alternative.

In case you do not have any urgent reason to make the transition, then you should go for implementing ISO 27001:2022 after the 2nd Surveillance/Maintenance Audit for ISO 27001:2013 and then apply for Certification Audit for ISO 27001:2022 in 2024 because in this scenario you will have more time.

2. Staff training course/certificate completed

ISO 27001: 2013 Lead Auditor Course 
ISO 27001:2013 Internal Auditor Course
The question regarding this courses/certificate is in order to have ISO 27001:2022 Certification we will just need to take and course+exam on ISO 27001:2022 Foundation Course?

For example:

a.       ISO 27001:2013 Lead Auditor Course + ISO 27001:2022 Foundation Course = ISO 27001:2022 Lead Auditor Course Certificate 

b.       ISO 27001:2013 Internal Auditor Course + ISO 27001:2022 Foundation Course = ISO 27001:2022 Internal Auditor Course Certificate 

Answer: For certification purposes, you will need to consider training and certifications related to the 2022 version of ISO 27001.

Please note that some training providers may offer upgrade courses related to changes in the standard, so you won’t need to go through all the certification processes. You should contact your training provider to clarify this information. 

Advisera will offer the ISO 27001:2022 Transition Course for all of its students with ISO 27001:2013 certificates - once this transition course and exam are completed, we will issue the new ISO 27001:2022 certificate - for example, a person having the ISO 27001:2013 Lead Auditor Certificate will receive the ISO 27001:2022 Lead Auditor Certificate.

3.  Also, last year 2021, our company purchase ISO 27001:2013 toolkit. Is there an upgrade option to ISO 27001:2022 and/or guidance on what document(s)/process(es) we need to change or document(s)/process(es) we need to create.

Answer: Customers who have bought the toolkit up to one year before the release of the new version of ISO 27001:2022 (October 25th, 2022) will receive the updated documents at no cost. If you purchased the toolkit before that date, we will send you a discount code for the purchase of the 2022 revision of the toolkit.