Expert Advice Community

Conformio

Guest user Created:   Feb 16, 2022 Last commented:   Feb 16, 2022

1. ISO 27001:2022
How will the new ISO 27001:2022 affect Conformio and created policy documents? Is it wise to already aim for certification against the new standard? Does it make sense to already start implementing the new version and not the old one?

2. ISO 27001 marketing
In a video accessible from Conformio, there's a statement that the time for the project manager is 0,5 day/week. That seems like too little to me if it also assumes doing consulting and guiding the organization through the certification process, such as reading, preparing, reviewing and approving documents, or performing the risk assessment and drafting implementation plans for controls. Also, such statements undermine the work of project managers and consultants. What is the use of being a Lead Implementer or of all the information on your website if e.g. a secretary could run the project?

Expert
Rhand Leal Feb 16, 2022

1. ISO 27001:2022
How will the new ISO 27001:2022 affect Conformio and created policy documents? Is it wise to already aim for certification against the new standard? Does it make sense to already start implementing the new version and not the old one?

We will start developing an update of both the documents and SoA as soon as the new changes are published and aligned with the ISO 27001. 

A new version of ISO 27001 is expected to be released by the second half of 2022, reflecting the changes of the new ISO 27002 in its Annex A, so you should go for the existing set of controls if you plan to finish the implementation in the next 3 to 6 months. Otherwise, you should go for the new set of controls, to avoid the rework of adapting implemented controls to the new version of ISO 27001 Annex A.

In case your organization is already certified, there will be a transition time before the new ISO 27001 becomes mandatory (generally the transition time is 2 years), so immediate certification against the new standard will not be necessary.

For further information, see:

2. ISO 27001 marketing
In a video accessible from Conformio, there's a statement that the time for the project manager is 0,5 day/week. That seems like too little to me if it also assumes doing consulting and guiding the organization through the certification process, such as reading, preparing, reviewing and approving documents, or performing the risk assessment and drafting implementation plans for controls. Also such statements undermine the work of project managers and consultants. What is the use of being a Lead Implementer or of all the information on your website if e.g. a secretary could run the project?

Please note that Advisera’s approach with Conformio and documentation toolkits is to allow organizations to implement the ISMS by themselves (documents are almost 90% complete and require minimal customization to cover organizations’ needs), so the main role of the project manager in this scenario is to review the work of the organizations’ teams and make corrections when needed.

The role of the consultant with the Lead Implementer course is useful when an organization asks for a more customized implementation of ISO 27001.

For further information, see:
