Guest
Recording changes when making a transition to ISO 27001:2013
If you are already certified according to ISO 27001:2005 and now you have an surveillance audit that plans to audit against ISO 27001:2013, my question is: do you record all the changes made to the ISMS as improvements ? or you just start making changes and recoding in the relevant change history section of each document?
Assign topic to the user
ISO 27001 DOCUMENTATION TOOLKIT
Step-by-step implementation for smaller companies.
Find out more 
ISO 27001 DOCUMENTATION TOOLKIT
Step-by-step implementation for smaller companies.
Find out more
ISO 27001 DOCUMENTATION TOOLKIT
Step-by-step implementation for smaller companies.
Find out more
In my view, when you make the transition to a new revision of the standard, these are not improvements - therefore, you should simply record all the changes in Change history of each document you updated.
See also this article: How to make a transition from ISO 27001 2005 revision to 2013 revision https://advisera.com/27001academy/knowledgebase/how-to-make-a-transition-from-iso-27001-2005-revision-to-2013-revision/
Comment as guest or Sign in
Jan 12, 2016
Jan 12, 2016
Jan 12, 2016