
Expert Advice Community

New version of ISO 27001 standard

Guest user Created: Dec 11, 2020 Last commented: Dec 15, 2020

Do you know when the standard is up for changes so I can be a little better prepared?

Expert
Rhand Leal Dec 11, 2020

ISO 27001, like other ISO management standards, is reviewed every five years (the last review was in 2019 when version 2013 was confirmed as the current version), so the review for the next version of the standard can be expected to start in 2024.

On the ISO 27001:2013 site (https://www.iso.org/standard/54534.html) you can track the status of the current version.

Guest
Guest user Dec 11, 2020

Thank you for the information. I just want to confirm that until the standard goes through the next version there is nothing I need to do on an annual basis to maintain my certification? Are there any annual certification fees? I just want to get my expectations in place.

Expert
Rhand Leal Dec 15, 2020

1 - I just want to confirm that until the standard goes through the next version there is nothing I need to do on an annual basis to maintain my certification?

Answer: To keep your ISMS certification, you need to maintain the ISMS and undergo surveillance audits at scheduled times, or your certification will be suspended, and in case of prolonged delay (that will be less than two years), the certification will be canceled, and you will need to undergo all the certification process again.

For further information, see this material:
- Surveillance visits vs. certification audits https://advisera.com/27001academy/knowledgebase/surveillance-visits-vs-certification-audits/
- ISO 27001/ISO 22301: The certification process [free webinar on demand] https://advisera.com/27001academy/webinar/iso-27001iso-22301-the-certification-process-free-webinar/01iso-22301-certification-process-free-webinar-demand/
- How to choose a certification body https://advisera.com/blog/2021/01/11/how-to-choose-an-iso-certification-body/ 
- ISO 27001 Certification: What’s next after receiving the audit report? https://advisera.com/27001academy/blog/2015/05/18/iso-27001-certification-whats-next-after-receiving-the-audit-report/

2 - Are there any annual certification fees? I just want to get my expectations in place.

Answer: Costs related to surveillance audits need to be asked of your certification body directly. Normally contracts with certification bodies are set considering a full certification cycle (i.e., certification audit and surveillance audits), so this information about costs may be included in the contract clauses (the recertification cost is similar to the certification cost).

Additional costs you need to pay attention to are related to the auditor's travel costs (if he or she is from out of your town), as the client will be responsible for his or her lodging, and the auditor's fee related to his or her experience in the client's industry, because their feedback is considered more valuable.
