ISO 27001, like other ISO management standards, is reviewed every five years (the last review was in 2019 when version 2013 was confirmed as the current version), so the review for the next version of the standard can be expected to start in 2024.
Thank you for the information. I just want to confirm: until the standard goes through the next version, is there nothing I need to do on an annual basis to maintain my certification? Are there any annual certification fees? I just want to get my expectations in place.
1 - I just want to confirm: until the standard goes through the next version, is there nothing I need to do on an annual basis to maintain my certification?
Answer: To keep your ISMS certification, you need to maintain the ISMS and undergo surveillance audits at scheduled times, or your certification will be suspended, and in case of prolonged delay (that will be less than two years), the certification will be canceled, and you will need to undergo all the certification process again.
2 - Are there any annual certification fees? I just want to get my expectations in place.
Answer: Costs related to surveillance audits need to be asked about directly with your certification body. Normally, contracts with certification bodies are set up considering a full certification cycle (i.e., certification audit and surveillance audits), so this information about costs may be included in the contract clauses (the recertification cost is similar to the certification cost).
Additional costs you need to pay attention to are related to the auditor's travel costs (if he or she is from out of town), as the client will be responsible for his or her lodging, and to the auditor's fee related to his or her experience in the client's industry, because their feedback is considered more valuable.