The ISO/IEC 27001:2013 standard has expired with the publication of the ISO/IEC 27001:2022 version on October 25, 2022. Organizations that we have certified under this standard are required to prepare a transition plan that takes the following into consideration, and to report to PCA Certification once they have completed the transition to the new standard.
a. The gap analysis of ISO/IEC 27001:2022, as well as the need for changes to the client’s ISMS.
b. The updating of the statement of applicability (SoA).
c. If applicable, the updating of the risk treatment plan.
d. The implementation and effectiveness of the new or changed information security controls chosen by the clients.