Hi ISO people.
I'm in the middle of an ISO 27001:2013 implementation. I'm just finishing chapter 9.
Now I've read ISO 27002:2022 and I would like to implement the new controls instead of the Annex from ISO 27001:2013.
Will that get me in trouble if I write that we've decided to use the new set of controls and excluded the Annex from 2013 completely?
This will depend on the date you want to be certified. If you want to be certified before March 2023, go with the 2013 revision; after March 2023, go with the 2022 revision.
Please note that after the release of the new version of ISO 27001, any required changes will have a transition period to be implemented (in general, this transition period is two years after a change in a management system standard is released, which is plenty of time to do this transition for most controls).