+31 (0)73 - 220 2000 | info@brandcompliance.com
English
  • Dutch
  • English
  • Swedish
Brand Compliance
  • Our story
    • Accreditations, Conditions & Regulations
  • News
  • Contact form
  • What is ISO 27001?
  • ISO 27701 certification & audit
  • GDPR certification & audit
  • Directions
Application certification process
  • About us
    • Accreditations
    • Vacancies
    • Compliment, complaint or tip
    • Privacy Statement
  • Knowledge base
  • News
  • Quality
    • Application certification process
    • ISO 9001 certification & audit
    • ISO 22301 certification
    • Private Lease Quality Mark
    • Network Compliance Audits
    • Gap analysis
  • Information Security
    • Application certification process
    • ISO 19770-1 certification
    • ISO 27001 certification
    • ISO 27017 and ISO 27018 certification
    • Baseline Information Security Government (BIO)
    • NEN 7510 certification
    • ISAE 3402 certification
    • SOC 2 statement
    • Gap analysis
  • Privacy
    • Application certification process
    • Certification standard BC 5701:2022
    • BC 5701 (GDPR) certification
    • ISO 27701 certification
    • Gap analysis
  • Academy
    • Free online training course ISO 27001:2022
    • ISO 27001 Lead Implementer training course (version ISO 27001:2022)
    • ISO/IEC 19770-1 Practitioner course
    • Inhouse Training ISO 27001 Lead Implementer
    • Operational Cyber Security using IEC 62443 (OT security)
    • Implementation training BC 5701 (GDPR)
    • Request training
  • Contact
    • Contact Form
    • Application certification process
    • Introductory meeting
    • Directions

Certification process

  • How long does ISO certification take?
  • What is a certification cycle?
  • Applying for a certification process
  • Certification processes with multiple locations
  • Initial audit Stage 1
  • Initial audit Stage 2
  • Nonconformities management system
  • Certificate suspended or revoked? This is how you solve it!

Transfer of certification

  • Transfer of certification

Logo use

  • The use of certification logos

General

  • The Brand Compliance glossary
  • What is a management system?
  • Tips to describe a proper scope
  • Accreditation versus certification
  • The differences between ISO 27001 and NEN 7510

ISO 27001:2022

  • ISO 27001:2022 – FAQ transition
  • ISO 27001:2022 – Transition process

ISO 27001:2022 – FAQ transition

Content
  • Which topics are assessed during the transition audit?
  • What should be included in the gap analysis?
  • Should a new internal audit be performed after implementation of the changes?
  • Should a new management review be carried out after implementation of the changes?
  • Can the auditor identify nonconformities in a transition audit and what are the consequences for the transition?
  • Until what date can initial audits and recertifications be performed against the old version of ISO 27001?
  • After the transition audit, how long will it take to receive the new certificate?
  • How does the transition work with certification on multiple standards? (e.g. ISO 27001:2022 with NEN 7510:2017)
    • Additional information

ISO 27001:2022 - FAQ Which topics are assessed during the transition audit? #

As a minimum requirement, the transition audit will consist of an assessment of:

  • the gap analysis (more info see question 2);
  • the resulting changes in the management system;
  • the amendments to the statement of applicability;
  • any adjustments to the risk treatment plan;
  • the implementation of new or modified control measures;
  • the effective functioning of these control measures.

Logically, the auditor therefore assesses all sections from H4 to H10 of the standard that have been amended, all new or amended controls, the internal audit activities and the management review.

What should be included in the gap analysis? #

There are no fixed requirements for the content of a gap analysis. It is important that during the transition audit it can be demonstrated that an organization has insight into the changes of ISO 27001:2022 compared to ISO 27001:2017, which actions result from these changes, how these actions are planned, how these actions have been implemented and how the organization has determined whether the changes have been effectively implemented in the management system.

Should a new internal audit be performed after implementation of the changes? #

An organization must determine whether the changes from ISO 27001:2022 compared to ISO 27001:2017 have been effectively implemented in the management system. The internal audit process is a means of assessing this effectiveness.

Should a new management review be carried out after implementation of the changes? #

An organization must determine whether the changes from ISO 27001:2022 compared to ISO 27001:2017 have been effectively implemented in the management system. The management review process is a means of evaluating effectiveness.

Can the auditor identify nonconformities in a transition audit and what are the consequences for the transition? #

It is possible that during the transition audit, the auditor determines that certain requirements are not met. The auditor then writes a nonconformity. If nonconformities are found, you will be given a term to deal with them. When the conditions of ISO 27001:2022 are met, the time has come for you to receive a new certificate! The ISO 27001:2022 certificate will contain the same expiration date as your current certificate.

Until what date can initial audits and recertifications be performed against the old version of ISO 27001? #

From November 1, 2023, initial audits and recertifications against ISO 27001:2017 can no longer be performed.

After the transition audit, how long will it take to receive the new certificate? #

After the transition audit, the auditor draws up a report. The audit report is reviewed internally, before it is sent to you. When nonconformities have been identified, so-called ‘nonconformity forms’ are prepared for you so that you can fill them in.

After any nonconformities have been resolved to the satisfaction of your auditor, the auditor will nominate you for certification. This nomination goes to a so-called certification committee, which once again independently assesses your file. If the certification committee comes to the same conclusion as the auditor, the file is transferred to the certification decision maker for a final decision. Once this decision has been made, a certificate will be drawn up based on the information from the audit report.

How does the transition work with certification on multiple standards? (e.g. ISO 27001:2022 with NEN 7510:2017) #

You can have the transition audit take place in combination with another standard, for example NEN 7510. However, for ISO 27001, the new controls in Annex A of the 2022 version are examined, while for the NEN 7510:2017, the controls from Annex A of the 2017 version are still being considered.

Additional information #

For customers already certified for ISO 27001, we have published the transition process from the current to the new standard in the knowledge base on our website. Also see the news article on the ISO 27001 accreditation.

If you have any questions regarding this news item, please contact us via info@brandcompliance.com or +31 (0)73 220 2000.

Updated on 7 February 2023
ISO 27001:2022 – Transition process
Content
  • Which topics are assessed during the transition audit?
  • What should be included in the gap analysis?
  • Should a new internal audit be performed after implementation of the changes?
  • Should a new management review be carried out after implementation of the changes?
  • Can the auditor identify nonconformities in a transition audit and what are the consequences for the transition?
  • Until what date can initial audits and recertifications be performed against the old version of ISO 27001?
  • After the transition audit, how long will it take to receive the new certificate?
  • How does the transition work with certification on multiple standards? (e.g. ISO 27001:2022 with NEN 7510:2017)
    • Additional information

Search

Brand Compliance B.V.

Hambakenwetering 8D2
5231 DC ‘s-Hertogenbosch

+31 (0)73 220 2000
info@brandcompliance.com

Chamber of Commerce nr.: 32101659
VAT nr.: NL8130.78.854.B01

Brand Compliance Belgie B.V.

Uitbreidingstraat 66
2600 Berchem (Antwerpen)

+32 (0)14 48 0730
be-info@brandcompliance.com

VAT nr.: BE0735.675.516

Brand Compliance Nordics AB

Vasagatan 16
SE-111 20 Stockholm

+46 73 157 7805
info@brandcompliance.com

Org.nr: 559238-1387

© Copyright 2023 Brand Compliance