ISO/IEC 27001:2022 STANDARD REVISION TRANSITION
The ISO/IEC 27001:2022 standard was published on October 25, 2022. The International Accreditation Forum
(IAF) has
announced the transition conditions for the new version in document MD 26.
According
to the ISO/IEC 27001:2022 standard, the timeline that Aberk QA Technic
and its customers must comply with is as follows;
|
HISTORY |
ACTIVITY |
|
25 October 2022 |
Publication of the ISO/IEC 27001:2022 standard |
|
31 October 2023 |
Alberk QA Technic will have completed its accreditation for certification according to the new version within 12 months after the publication of the standard. |
|
31 October 2023 |
Alberk QA Technic will start receiving the first document applications from its customers in accordance with ISO/IEC 27001:2022. According to TS EN ISO/IEC 27001:2017, it will not conduct initial certification audits or recertification audits. |
|
31 October 2025 |
All certified customers must complete the transition to ISO/IEC 27001:2022. |
The main changes made in the standard;
Editorial changes have been made to the standard. For example :
• Instead of “international standard”, the term “document” is used throughout the standard
• Some English idioms have been rearranged for easier translation.
Normative changes have also been made to ensure compliance with the ISO harmonized approach :
• Numbering has been restructured
• Added the requirement to define the processes and their interactions required to implement the ISMS
• Added requirement to communicate information security-related organizational roles within the organization
• New clause 6.3 – Change Planning has been added
• Added new requirement for the organization to determine how
communication will be carried out in accordance with clause 7.4
• Added new requirements for establishing criteria for operational processes and implementing process control
The ISO/IEC 27001:2022 standard was published on October 25, 2022. The International Accreditation Forum (IAF) has announced the transition conditions for the new version in document MD 26.
The main changes in this revision are given in Annex A, where the changes made in ISO/IEC 27002:2022 are reflected. These changes are given below:
• The structure has been reduced to four basic areas and combined
Instead of 14 fields in the previous edition; Added Organizational, Employees, Physical and Technological fields
• The number of audits listed has been reduced from 114 to 93
Some controls have been merged, some have been removed, new controls have been added, and some controls have been updated.
• The concept of attributes is introduced
These five attributes are presented in accordance with the common terminology used in the context of digital security: Audit type, Information security features, Cyber security concepts, Operational capabilities, and Security domains
To get detailed information about our services, please contact us..
