Expert Advice Community


How can we move to 27001?

Guest user Created:   Jul 14, 2022 Last commented:   Jul 14, 2022


I have a question regarding the effort to move from the old version of 27001:2013 to the new one. What effort / resources shall we plan? We have had 27001:2013 implemented for 10 years… Do you have a guideline on how to proceed?

Expert
Rhand Leal Jul 14, 2022

First, it is important to note that the main clauses of ISO 27001:2013 (i.e., clauses 4 to 10) are still valid. The 2013 version of the standard was confirmed in 2019, and the new version of the standard, expected to be published still this year, will have modifications only related to Annex A.

Although the total number of controls has been reduced from 114 to 93, none of the old controls have been excluded (most of them have been merged), and you only have 11 new controls.

Considering that, if you are currently compliant with ISO 27001:2013, your main effort will be on reviewing risks and legal requirements to check if these new controls need to be considered in your implementation.

The effort to transition to the 2022 revision is probably 10 to 20% of the time you needed to initially implement ISO 27001; alternatively, this effort can be about 5% if you are using a tool like Conformio. Click here for more information: https://advisera.com/27001academy/iso-27001-transition-package/

For further information, see:
