ISO 27001 Certification Transitioning from 2013 version to 2022 - Don't Panic!
2nd June 2024 by Grant McCormick
IAF has published the new Mandatory Document IAF MD 26, ‘Transition Requirements for ISO/IEC 27001:2022’. It is a simple, concise document; view it here:
IAF_MD_26_Transition_requirements_for_ISOIEC_27001-2022_09082022.pdf
“The impact of the changes in ISO/IEC 27001:2022 is limited to the introduction of a new Annex A”, so you will only need to complete a new Statement of Applicability against the new control listing in that Annex.
Most of the work will be cut and paste, as you will already have the controls in place from compliance with the old standard. If you do discover any deficiency against the new information security control listing, you will have to fill the gaps: update your Risk Treatment Plan with the additional controls and implement them.
Most UKAS Certification Bodies won’t be fully ready to assess you against the new standard for up to a year from today, and in any case you have up to 3 years to transition.
Don’t leave it until the last minute, though. You may even consider being one of the first to be certified, which displays proactive information security awareness and may give some commercial value.
If so, get in touch.