FAQs about the ISO 27001 2022 revision in Conformio
What is the ISO 27001 2022 revision?
ISO usually updates its standards every few years. ISO 27001:2022 is the latest version (or revision) of the standard; it was published on October 25, 2022. It replaced the previous version, ISO 27001:2013, which had last been updated in 2013.
What exactly has changed in ISO 27001:2022?
The main part of ISO 27001, i.e., clauses 4 to 10, has not changed significantly. These clauses cover the scope, interested parties, context, Information Security Policy, risk management, resources, training and awareness, communication, document control, monitoring and measurement, internal audit, management review, and corrective actions.
Only the security controls listed in ISO 27001 Annex A have been significantly updated.
In general, the changes are only moderate and were made primarily to simplify the implementation: the number of controls has decreased from 114 to 93, and they are now grouped into four sections instead of the previous 14. There are 11 new controls; none of the controls were deleted, and many controls were merged. For more about these new controls and their requirements, read the article Detailed explanation of 11 new security controls in ISO 27001:2022.
What has changed in Conformio?
The Risk Register and Statement of Applicability modules have been updated to reflect the ISO 27001:2022 Annex A controls, including automatic suggestions of implementation methods for new and changed controls.
As a result of these updates to controls, some documents will be adapted, as well as some related modules like the Register of Requirements and the Internal Audit, to ensure full compatibility with the updated standard.
How do I choose the revision in Conformio?
The revision can be selected only when creating a new Conformio account. Once you make this selection, you cannot change it, because it affects important parts of Conformio such as the Risk Register and the Statement of Applicability.
If you choose revision 2013, you will be able to transition to revision 2022 after you complete all the implementation steps.
When will my Conformio account be updated to the 2022 revision?
If you are in the middle of the implementation (or already certified), you have a lot of time to upgrade, as ISO is allowing three years to transition to the new 2022 revision. Certification bodies will only start working with the 2022 revision at some point in 2023.
It will be entirely up to you to decide when exactly you will transition to the 2022 version of the standard within Conformio. The option to transition your 2013 implementation will be made available in Conformio in 2023.
Which version should we implement if we are only starting?
This decision depends on how quickly you need the ISO 27001 certificate.
If your existing or potential client expects you to get certified, then you should start as soon as possible. If you plan to get certified before March 2023, then you should use the 2013 version, but if you plan to get certified after March 2023, then you can start now with the 2022 version.
What do we do if we already started the implementation using the ISO 27001 2013 revision?
You can simply finish implementing the current 2013 version, and transition to the new 2022 version when you need to.
If you have not yet completed many Conformio steps, and you would like to restart using the 2022 version, please write to our support team and we will help you restart from the beginning using the new version.
How will the transition from version 2013 to version 2022 work?
The transition will only take you a couple of hours and will be completely free of charge. You will be able to start the transition when you are ready – for example, before your first surveillance audit in 2023. Nothing in Conformio will be changed on its own without your consent and involvement.
An easy-to-use Transition Wizard will present the exact tasks and then guide you step-by-step through reviewing and approving all suggested changes – prepared by our industry experts based on the updated Annex A controls.
Conformio will automatically create necessary tasks, update documents, and guide you through the relevant steps to ensure that you are fully prepared for your next audit.
What do we need to know if we’re already certified?
You will simply need to transition to the new 2022 revision before your next audit in 2023.
If you are not currently using Conformio, but are interested in using it as a hassle-free way to update to the new ISO 27001 2022 revision, we can help you transition your existing ISMS to Conformio. Set up a free consultation here.