ISO 27001 2013 vs. 2022 revision
A company is going for its first-year ISO 27001 surveillance audit based on ISO 27001:2013. I have been appointed to perform its internal audit. Kindly advise if we should cater for the 2022 revision during my audit. If yes, in which section and how?
Since the company is compliant with ISO 27001:2013, you should use the 2013 version for the audit, but you can also ask them about their planning for migrating to the 2022 version, because their re-certification will most probably be against the 2022 version.
For further information, see:
- ISO 27001 2013 vs. 2022 revision – What has changed? https://advisera.com/27001academy/blog/2022/10/25/iso-27001-iso-27002/
Aug 10, 2023