Thank you for your email.
I have a few questions that you might be able to answer with regard to what we currently have and what we need to fully comply with ISO 27001:2022.
Our current situation is as follows:
ISO 27001:2013 is valid from August 2021 to August 2024
First Surveillance/Maintenance Audit was completed
2nd Surveillance/Maintenance Audit is scheduled for 2023
Recertification Audit is scheduled for 2024
The question is:
Should we start implementing ISO 27001:2022 after the 2nd Surveillance/Maintenance Audit for ISO 27001:2013 and then apply for Certification Audit for ISO 27001:2022 in 2024?
Should we start implementing ISO 27001:2022 immediately and then apply for Certification Audit for ISO 27001:2022 in 2023? Is this even an option? Or do we need to complete the 3-year cycle?
Staff training courses/certificates completed:
ISO 27001:2013 Lead Auditor Course
ISO 27001:2013 Internal Auditor Course
The question regarding these courses/certificates is: in order to have ISO 27001:2022 Certification, will we just need to take a course + exam on the ISO 27001:2022 Foundation Course?
ISO 27001:2013 Lead Auditor Course + ISO 27001:2022 Foundation Course = ISO 27001:2022 Lead Auditor Course Certificate
ISO 27001:2013 Internal Auditor Course + ISO 27001:2022 Foundation Course = ISO 27001:2022 Internal Auditor Course Certificate
Also, last year, 2021, our company purchased the ISO 27001:2013 toolkit. Is there an upgrade option to ISO 27001:2022 and/or guidance on what document(s)/process(es) we need to change or document(s)/process(es) we need to create?