It’s all change with the ISO27001 standard, as the new 2022 update is released, and here at CertiKit we’ve been working hard to bring you an exciting new version of our popular ISO27001 Toolkit that takes full account of the changes.
The new version of the standard reflects ISO’s desire to make the management system requirements match up with the latest Annex SL structure and wording, and the need to align Annex A of the standard with the 2022 version of the ISO27002 guidance. Our earlier blog “The New ISO27001:2022 Standard is Published” explains in detail what these changes consist of and what the next steps are for certified, and non-certified organizations, so we won’t repeat this information here.
The changes to the management system are relatively minor but we have of course updated all of the relevant documents (such as the Gap Assessment and the Internal Audit Checklist) with the new Clause 6.3 Planning of changes, the additional sub-clauses in Clause 9 Performance evaluation, and the swapping round of the sub-clauses in Clause 10 Improvement. We’ve also taken account of the new requirements within those clauses where the wording has changed.
But it’s within the Annex A controls that the most obvious changes have happened. Just to remind you, there are now 93 controls organized into four themes:
Instead of the previous fourteen Annex A folders, we now have just four. Rather than present the toolkit user with large numbers of documents in four large folders (which experience has shown is too much), we have taken the approach of grouping the relevant documents by individual control, with a Folder index in each theme folder to help you see where the documents are located.
To further help you navigate the toolkit, we have included a reference to the control name within each sub-folder, along with the documents, for example:
As well as restructuring the toolkit in line with ISO27001:2022, we have taken the opportunity to add a total of twenty-nine new documents and forms compared to the 2013 version (some of which were included in Version 11A of the toolkit). These include:
Many documents have been updated both to reflect the new control set (such as the Gap Assessment, Statement of Applicability and Risk Assessment tools) and to cater for changing technology. Some documents have been simplified in line with requirements and a few have been removed, largely for consistency reasons. Because there is no longer a direct match between the new Annex A control set and the companion standards ISO27017 and ISO27018, references to these standards have been mostly removed, although much of the relevant technical content has been retained.
Ken Holmes, CEO of CertiKit (and closely involved in the new toolkit version) said “I am delighted that we’ve been able to combine an alignment with the new standard with such a significant upgrade to the content of the toolkit. This has resulted in a truly premium product.”
Version 12 of the CertiKit ISO27001 Toolkit is available to new customers immediately via our website, and will be provided free of charge to qualifying existing customers via our lifetime updates promise.
For more guidance on implementing the ISO27001:2022 standard, we’ve put together a list of our best free resources including video guides, blogs and downloadable documents.