What is the ISO 27001:2022 revision?
ISO usually updates its standards every few years. ISO 27001:2022 is the latest version (or revision) of the standard, published on October 25, 2022. It replaces the previous version, ISO 27001:2013, which had last been updated in 2013.
What exactly has changed in ISO 27001:2022?
The main part of ISO 27001, i.e., clauses 4 to 10, did not change significantly. These clauses include the scope, interested parties, context, Information Security Policy, risk management, resources, training and awareness, communication, document control, monitoring and measurement, internal audit, management review, and corrective actions.
Only the security controls listed in ISO 27001 Annex A have been significantly updated.
The changes are generally moderate and were made primarily to simplify implementation. The number of controls has decreased from 114 to 93, and they are now grouped into four sections instead of the previous 14. There are 11 new controls; no controls were deleted, and many were merged. For more about these new controls and their requirements, read the article Detailed Explanation of 11 new security controls in ISO 27001:2022.
What has changed in Conformio?
The Risk Register and Statement of Applicability modules have been updated to reflect the ISO 27001:2022 Annex A controls, including automatic suggestions of implementation methods for new and changed controls.
As a result of these updates to controls, some documents and related modules like the Register of Requirements and the Internal Audit will be adapted to ensure full compatibility with the updated standard.
How do I choose the revision in Conformio?
Currently, new accounts are automatically assigned the 2022 revision. If you explicitly want the 2013 revision, you can arrange this before you create your account by contacting Conformio Support. Note that once you make this selection, you cannot change it, as it affects essential parts of Conformio, such as the Risk Register and Statement of Applicability.
If you choose the 2013 revision, you will be able to transition to revision 2022 after you complete all the implementation steps.
When will my Conformio account be updated to the 2022 revision?
If you are in the middle of the implementation (or already certified), you have a lot of time to upgrade, as ISO allows three years to transition to the new 2022 revision. Certification bodies will only start working with the 2022 revision at some point in 2023.
It will be entirely up to you to decide when exactly you will transition to the 2022 version of the standard within Conformio. To start the transition to the 2022 version, contact our support team to organize a call to give you all the details and plan the transition process.
Which version should we implement if we are only starting?
As of March 2023, it makes sense only to implement the 2022 version of the standard.
What do we do if we have already started the implementation using the ISO 27001:2013 revision?
You can finish implementing the current 2013 version and transition to the new 2022 version when you need to.
If you have not yet completed many Conformio steps and would like to restart using the 2022 version, please write to our support team, and we will help you start from the beginning using the new version.
How will the transition from version 2013 to version 2022 work?
The transition will only take you a couple of hours and will be completely free of charge. You will be able to start the transition when you are ready. Nothing in Conformio will be changed on its own without your consent and involvement.
The Conformio support team will provide you with access to an upgraded account where you will review the changes automatically applied by Conformio (such as the updated risk treatment and Statement of Applicability) and then be able to complete the necessary missing information.
What do we need to know if we’re already certified?
You need to transition to the new 2022 revision before your next surveillance or recertification audit. We recommend clarifying with your certification body when to switch from the 2013 to the 2022 version.
If you are not currently using Conformio but are interested in using it hassle-free to update to the new ISO 27001:2022 revision, we can help you transition your existing ISMS to Conformio. Set up a free consultation here.