Expert Advice Community

Guest

Revision of assignment

  Quote
Guest
Guest user Created:   Jan 11, 2023 Last commented:   Jan 11, 2023

Revision of assignment

I’ve worked hard to document processes and policies but I’m afraid that our organisation might not be ready in time for the revision. That might lead to us having to update our documentation according to the 2022 version and therefore be even more delayed. I do understand that we will have to update eventually but I had hoped that we would be certified by this summer.

A question might be, if I have documented a process but we are not quite there yet practically, would it be an idea to identify this in a risk analysis with a timeframe? If it is not a critical risk that is.

0 0

Assign topic to the user

ISO 27001 DOCUMENTATION TOOLKIT

Step-by-step implementation for smaller companies.

ISO 27001 DOCUMENTATION TOOLKIT

Step-by-step implementation for smaller companies.

Expert
Rhand Leal Jan 11, 2023

First is important to note that, as part of the transition period, an organization can still certify against ISO 27001:2013 until October 31, 2023, so considering you wanted to be certified by this summer, this deadline may give you the extra time you need.

In case you are not fully compliant with some of your documents, you can postpone their implementation until after the certification audit under the following conditions: (1) if the document is not related to the main part of the standard (clauses 4 to 10), (2) if the related risks are not very high, (3) if you mark related risks as "Accepted" in the Statement of Applicability, and (4) if in the Risk Treatment Plan you define the deadline for the implementation of this document for after the certification audit.For further information, see:

Quote
0 1

Comment as guest or Sign in

HTML tags are not allowed

Jan 11, 2023

Jan 11, 2023