Revision of assignment
I’ve worked hard to document processes and policies but I’m afraid that our organisation might not be ready in time for the revision. That might lead to us having to update our documentation according to the 2022 version and therefore be even more delayed. I do understand that we will have to update eventually but I had hoped that we would be certified by this summer.
A question might be, if I have documented a process but we are not quite there yet practically, would it be an idea to identify this in a risk analysis with a timeframe? If it is not a critical risk that is.
Assign topic to the user
ISO 27001 DOCUMENTATION TOOLKIT
Step-by-step implementation for smaller companies.
Find out more 
ISO 27001 DOCUMENTATION TOOLKIT
Step-by-step implementation for smaller companies.
Find out more
ISO 27001 DOCUMENTATION TOOLKIT
Step-by-step implementation for smaller companies.
Find out more
First is important to note that, as part of the transition period, an organization can still certify against ISO 27001:2013 until October 31, 2023, so considering you wanted to be certified by this summer, this deadline may give you the extra time you need.
In case you are not fully compliant with some of your documents, you can postpone their implementation until after the certification audit under the following conditions: (1) if the document is not related to the main part of the standard (clauses 4 to 10), (2) if the related risks are not very high, (3) if you mark related risks as "Accepted" in the Statement of Applicability, and (4) if in the Risk Treatment Plan you define the deadline for the implementation of this document for after the certification audit.For further information, see:
- ISO 27001 2013 vs. 2022 revision – What has changed? https://advisera.com/27001academy/blog/2022/02/09/iso-27001-iso-27002/
Comment as guest or Sign in
Jan 11, 2023