Expert Advice Community

Standard review and recertification cycle

Guest user. Created: May 25, 2017. Last commented: May 25, 2017.

1 - Regarding changes to ISO 27001 and 27002 - I see that the last update to ISO 27001 was a 2013 revision, and the one prior to that was published in 2005. Can you advise if updates are done on a specific schedule, or on an as-needed basis?

Expert
Rhand Leal May 25, 2017

Answer: The review of an ISO standard generally starts 5 years after its release, and this process takes up to 3 years to release a new version. Of course, if an industry or community presents a justifiable request, this time between reviews may change, but the duration of the review process remains within the 3-year time frame.

2 - Can you advise me how re-certification is achieved?

Answer: For the certification body, the re-certification process is the same as the certification one: the certification auditor will go through all the certification scope during the audit, to verify if all requirements of the standard, as well as the requirements defined by the organization, are in place and working as expected.

For the organization, when the recertification involves the release of a new version of the standard, the re-certification process starts with a gap analysis between the old and the new versions of the standard, so you can identify what has changed and which actions should be done to comply with the new requirements.

After the new requirements are implemented, you have to ensure they are properly operated and controlled, and that they achieve the expected results, through internal audit and management review, so you can have the necessary evidence that the new requirements are all properly implemented, and that identified problems are handled through corrective actions.

These articles will provide you with further explanation about the certification process:
- Surveillance visits vs. certification audits https://advisera.com/27001academy/knowledgebase/surveillance-visits-vs-certification-audits/
- Becoming ISO 27001 certified – How to prepare for certification audit https://advisera.com/27001academy/iso-27001-certification/