Hope you are doing great today!!
A quick question please.
In 2017 my organization's ISO 27K certificate expired. The current management is interested in renewing it now.
So I just wanted to know whether it is just a renewal or whether I need to go for a full implementation cycle.
Also, the certificate that expired in 2017 is ISO 27001:2005. So, in that case I think it is better to go for a fresh implementation. I would like to get some advice from you on this.
Since your previous certification has expired, you need to go through all the certification processes again (i.e., first a certification audit, followed by surveillance audits).
Compared to ISO 27001:2005, ISO 27001:2013 has significant differences only in Annex A (security controls), so you do not need to consider a full fresh implementation (i.e., documents related to main clauses from sections 4 to 10 will need only some adjustments).