One of the interesting questions with this is whether the 27001 and 27002 compliance packages should be modified to include the new 27701 requirements and controls (since many are modifications rather than additions).
So I might end up with these four compliance packages in use:
- 27001
- 27002
- 27001 + 27701 Clause 5
- 27002 + 27701 Clauses 6,7,8
(and realistically the 27001 and 27002 packages would be redundant if fully committed to the 27701 PIMS version of ISMS)