Compliance with ISO 27001:2022

Guest user Created:   Nov 08, 2022 Last commented:   Nov 08, 2022

Hi Dejan, 

Thank you for your email. 

I have a few questions that you might be able to answer with regard to what we currently have and what we need to fully comply with ISO 27001:2022.

Our current situation is as follows:

ISO 27001:2013 is valid from August 2021 to August 2024 
First Surveillance/Maintenance Audit was completed 
2nd Surveillance/Maintenance Audit is scheduled for 2023
Recertification Audit is scheduled for 2024 

The question is 

Should we start implementing ISO 27001:2022 after the 2nd Surveillance/Maintenance Audit for ISO 27001:2013 and then apply for Certification Audit for ISO 27001:2022 in 2024? 

or 

Should we start implementing ISO 27001:2022 immediately and then apply for Certification Audit for ISO 27001:2022 in 2023? – is this even an option? Or do we need to complete the 3-year cycle?
  

Staff training course/certificate completed 
ISO 27001:2013 Lead Auditor Course
ISO 27001:2013 Internal Auditor Course
The question regarding these courses/certificates is: in order to have ISO 27001:2022 Certification, will we just need to take a course + exam on the ISO 27001:2022 Foundation Course?

For example: 

ISO 27001:2013 Lead Auditor Course + ISO 27001:2022 Foundation Course = ISO 27001:2022 Lead Auditor Course Certificate 

ISO 27001:2013 Internal Auditor Course + ISO 27001:2022 Foundation Course = ISO 27001:2022 Internal Auditor Course Certificate 

Also, last year (2021), our company purchased the ISO 27001:2013 toolkit. Is there an upgrade option to ISO 27001:2022 and/or guidance on what document(s)/process(es) we need to change or document(s)/process(es) we need to create?

Expert
Rhand Leal Nov 08, 2022

1 - The question is 

1. Should we start implementing ISO 27001:2022 after the 2nd Surveillance/Maintenance Audit for ISO 27001:2013 and then apply for Certification Audit for ISO 27001:2022 in 2024?

or

2. Should we start implementing ISO 27001:2022 immediately and then apply for Certification Audit for ISO 27001:2022 in 2023? – is this even an option? Or do we need to complete the 3-year cycle?

Answer: Please note that for companies that are already certified against ISO 27001:2013, the transition to ISO 27001:2022 needs to be completed by October 31, 2025.

Considering that, both alternatives are applicable; you should consider available resources (e.g., personnel, money, etc.) and business strategy and objectives to select an alternative.

In case you do not have any urgent reason to make the transition, then you should go for implementing ISO 27001:2022 after the 2nd Surveillance/Maintenance Audit for ISO 27001:2013 and then apply for Certification Audit for ISO 27001:2022 in 2024 because in this scenario you will have more time.

2. Staff training course/certificate completed

ISO 27001:2013 Lead Auditor Course
ISO 27001:2013 Internal Auditor Course
The question regarding these courses/certificates is: in order to have ISO 27001:2022 Certification, will we just need to take a course + exam on the ISO 27001:2022 Foundation Course?

For example:

a. ISO 27001:2013 Lead Auditor Course + ISO 27001:2022 Foundation Course = ISO 27001:2022 Lead Auditor Course Certificate

b. ISO 27001:2013 Internal Auditor Course + ISO 27001:2022 Foundation Course = ISO 27001:2022 Internal Auditor Course Certificate

Answer: For certification purposes, you will need to consider training and certifications related to the 2022 version of ISO 27001.

Please note that some training providers may offer upgrade courses related to changes in the standard, so you won’t need to go through all the certification processes. You should contact your training provider to clarify this information. 

Advisera will offer the ISO 27001:2022 Transition Course for all of its students with ISO 27001:2013 certificates - once this transition course and exam are completed, we will issue the new ISO 27001:2022 certificate - for example, a person having the ISO 27001:2013 Lead Auditor Certificate will receive the ISO 27001:2022 Lead Auditor Certificate.

3. Also, last year (2021), our company purchased the ISO 27001:2013 toolkit. Is there an upgrade option to ISO 27001:2022 and/or guidance on what document(s)/process(es) we need to change or document(s)/process(es) we need to create?

Answer: Customers who have bought the toolkit up to one year before the release of the new version of ISO 27001:2022 (October 25th, 2022) will receive the updated documents at no cost. If you purchased the toolkit before that date, we will send you a discount code for the purchase of the 2022 revision of the toolkit. 
