Expert Advice Community


Request for guidance

Guest user Created:   Jun 20, 2023 Last commented:   Jun 20, 2023


I frequently come across an article that I find extremely helpful, and now I would greatly appreciate your guidance on the following matter. Our organization has already implemented ISO 27001:2013, and a new version has been introduced. Currently, I have a Statement of Applicability (SOA) that is based on 114 controls from ISO 27002:2013. My question is whether I should create a new SOA consisting of 93 controls in accordance with ISO 27002:2022, and subsequently make the necessary updates on my current SOA. Your advice and support in this matter would be greatly appreciated.

Expert
Rhand Leal Jun 20, 2023

To be compliant with the 2022 revision of ISO 27001, you need to make a new Statement of Applicability with 93 controls.

From your question, it is not clear if your Information Security Management System (ISMS) is certified or not. In case you are searching for certification, you can certify your ISMS against ISO 27001:2013 until October 31, 2023, and there is no need to change your SoA. For certifying after October 31, 2023, you need to be compliant with ISO 27001:2022, and for that, you will need to update your SoA to the 93-control version.

For further information, see:

This material can also help you:
