New version of ISO 27001 standard
Do you know when the standard is up for changes so I can be a little better prepared?
ISO 27001, like other ISO management standards, is reviewed every five years (the last review was in 2019 when version 2013 was confirmed as the current version), so the review for the next version of the standard can be expected to start in 2024.
At the ISO 27001:2013 site (https://www.iso.org/standard/54534.html) you can track the status of the current version.
Thank you for the information. I just want to confirm that, until the standard goes through the next version, there is nothing I need to do on an annual basis to maintain my certification? Are there any annual certification fees? I just want to get my expectations in place.
1 - I just want to confirm that, until the standard goes through the next version, there is nothing I need to do on an annual basis to maintain my certification?
Answer: To keep your ISMS certification, you need to maintain the ISMS and undergo surveillance audits at scheduled times, or your certification will be suspended, and in case of prolonged delay (that will be less than two years), the certification will be canceled, and you will need to undergo all the certification process again.
For further information, see this material:
- Surveillance visits vs. certification audits https://advisera.com/27001academy/knowledgebase/surveillance-visits-vs-certification-audits/
- ISO 27001/ISO 22301: The certification process [free webinar on demand] https://advisera.com/27001academy/webinar/iso-27001iso-22301-certification-process-free-webinar-demand/
- How to choose a certification body https://advisera.com/blog/2021/01/11/how-to-choose-an-iso-certification-body/
- ISO 27001 Certification: What’s next after receiving the audit report? https://advisera.com/27001academy/blog/2015/05/18/iso-27001-certification-whats-next-after-receiving-the-audit-report/
2 - Are there any annual certification fees? I just want to get my expectations in place.
Answer: You need to ask your certification body directly about costs related to surveillance audits. Normally, contracts with certification bodies are set considering a full certification cycle (i.e., certification audit and surveillance audits), so this information about costs may be included in the contract clauses (the recertification cost is similar to the certification cost).
Additional costs you need to pay attention to are related to the auditor’s travel costs (if he or she is out of your town), as the client will be responsible for his or her lodging, and the auditor’s fee related to his or her experience in the client's industry, because their feedback is considered more valuable.
Dec 15, 2020