ISO 27001:2013 to ISO 27001:2022 Conversion Tool
The tool shows ISO27001:2013 A.18.2.3 splitting between ISO27001:2022 A5.36 A8.8 when you convert it but the tool shows it subsuming into A8.8 when you convert 2013:A.12.6.1 (doesn't mention the split). Can you clarify? Thank you
Assign topic to the user
ISO 27001 DOCUMENTATION TOOLKIT
Step-by-step implementation for smaller companies.
Find out more 
ISO 27001 DOCUMENTATION TOOLKIT
Step-by-step implementation for smaller companies.
Find out more
ISO 27001 DOCUMENTATION TOOLKIT
Step-by-step implementation for smaller companies.
Find out more
First of all, thanks for this feedback.
Please note that this tool follows the ISO 27002 guideline about merging and splitting controls from ISO 27001 Annex A.
Considering that, the converted output for control A.12.6.1 (i.e., control A.8.8) does not mention the split of control A.18.2.3 because this information is not relevant for presenting that information from controls A.12.6.1 and A.18.2.3 are now included in the new control A.8.8 (i.e., it is not necessary to explain that only part of one control is included in the new control, this only would complicate things).
Comment as guest or Sign in
Jun 13, 2023