In 2022, ISO 27001 and ISO 27002 are being updated. Here are some important points about the changes that can help you later.
1) What are the changes made in ISO 27001:2022 and ISO 27002:2022?
Clauses 4 to 10, which are the main part of ISO 27001, are not going to change. The only changes are in the security controls listed in ISO 27001 Annex A and ISO 27002. The changes are mostly made to simplify the implementation. The number of controls has decreased from 114 to 93. Previously, they were placed in 14 sections, but now they will be placed in only four sections. Although none of the controls has been deleted, 11 new controls have been introduced.
The changes in ISO 27001:2022 Annex A will completely align with the changes in ISO 27002:2022.
2) What is the difference between ISO 27001 and ISO 27002?
The main difference between these two is that ISO 27001 is the main standard against which companies can get certified, whereas ISO 27002:2022 is a supporting standard against which companies cannot get certified.
Annex A of ISO 27001 lists the security controls but does not explain how to implement them. ISO 27002 offers both.
3) When are the changes going to take place?
ISO 27002 was updated on February 15, 2022, and Annex A of ISO 27001 will be aligned with it. On the other hand, the update date of ISO 27001 Annex A is still not announced, but it will happen sometime during 2022.
4) Should we wait to start implementing ISO 27001?
If your potential client requires certification, you should start as soon as possible, but if you have the option to postpone the project until the end of 2022, you can wait for further updates. In short, the decision depends on your situation, not on the standards.
5) If we start now with ISO 27001 implementation, do we go with the old or new set of controls?
As the changes in ISO 27001 are still not declared, if you start now, you start with the existing controls. You will also have plenty of time later to update your documentation for the new controls.
6) Do we need to change the documentation if we have already implemented ISO 27001?
Technically, you would not need to change your implementation, but you would need to update the documentation. As these changes are not huge, it is advised not to delete any existing documents. Rather, you can update your risk treatment process with the new controls or update your Statement of Applicability. You can also simply adapt some sections of your existing policies.
7) When do we need to change our documentation?
The transition period is not yet declared, but we can estimate that it will probably be two years from the date of the official publication of the ISO 27001:2022 update.
8) Will the certification body check changes in the documentation?
If the company is certified, the certification body will check whether you have adapted your documentation within the transition period.
9) What does this change mean for my ISO 27001 Lead Auditor / Lead Implementer certificate?
Your personal ISO 27001 certificates will remain valid, as the main part of ISO 27001 will not change, and you will not need any further training.
10) When will IEMLabs update its products because of these changes?
We will update all our products, services, and online courses shortly after the updated ISO 27001 is published.
11) Will IEMLabs help transition to the new updates of ISO 27001?
Yes, we will make the transition easy for existing customers, and we will also publish webinars and articles on this topic.
For automatic compliance with ISO 27001/ISO 27002 security controls, you can join IEMLabs now. The company will help you transition from the old set of controls to the new ones without any hassle.
Get ISO compliance services in Kolkata with the best support team.