Expert Advice Community

New implementation: ISO 27001:2013 + ISO 27002:2022

radsec Created: May 17, 2022 Last commented: May 22, 2022

Hi ISO people. I'm in the middle of an ISO 27001:2013 implementation. I'm just finishing chapter 9. Now I've read ISO 27002:2022 and I would like to implement the new controls instead of the Annex from ISO 27001:2013. Will that get me in trouble if I write that we've decided to use the new set of controls and excluded the Annex from 2013 completely?

Expert
Rhand Leal May 22, 2022

This will depend on the date you want to be certified. If you want to be certified before March 2023, go with the 2013 revision; after March 2023, go with the 2022 revision.

Please note that after the release of the new version of ISO 27001, any required changes will have a transition period to be implemented (in general, this transition period is two years after a change in a management system standard is released, which is plenty of time to do this transition for most controls).

For further information, see:
- 11 most important facts about changes in ISO 27001/ISO 27002 https://advisera.com/27001academy/blog/2022/02/09/iso-27001-iso-27002/ 
- Should you start implementing ISO 27001 2013 or 2022 revision? https://advisera.com/insight/chatbot-implement-iso-27001-2013-or-2022-revision/
