Question: Migrating from ISO 27001:2017 to 27001:2022

I am pretty sure I saw a thread or a blog post by eramba about the subject on how best to migrate?

Of course, I have already read up on the changes between the versions and have done a one day refresher course about the differences as well as read other people’s approach to the subject, so I thought I’d revisit eramba’s suggested procedure but now I can’t find it anywhere.

Hi!
Migrate what? Sorry, this might sound like a silly question, I just want to double check.
the migration from community to enterprise is documented here: Docker Install | Eramba learning portal

Sorry, my bad, you are talking about ISO; I missed the subject completely.

The changes to the standard this time are substantial, so what I’ve seen is most people uploading the new standard and one by one associating existing policies and controls to the new package; most leave the old package there “just in case”.

I would not trust relying on “mappings” in between 2013 and 2022 as there are quite a few changes. Your existing controls and policies might not suffice for the new standard.

As I said in my post title:

from ISO 27001:2017 to 27001:2022

is that what you are asking?

I see you edited your reply, great, we’re on the same page now.
Yes, I wouldn’t want to do a simple mapping, I just kind of remembered seeing some thread or a blog post on here, but I might have been mistaken.

I was planning to go through the new standard and annex, one by one, just wanted to read as many posts/how-tos as possible to make sure I don’t miss anything essential 🙂
