Holders of the ISO 27001:2005 Standard will be aware that the "clock is ticking" and that they must upgrade to the new 2013 Standard by September 2015 or risk being de-registered. However, most organisations are being careful not to rush the transition and end up with a system that is too complicated or difficult to maintain. This final part of our series details the remaining steps needed to achieve a successful transition to the revised Standard.

You should have all the procedures, records and evidence in place to show that your ISMS (Information Security Management System) is working.

To confirm this you should now carry out an internal audit.

The first part of your audit will cover the ISO 27001 mandatory requirements:

Documented information (formerly document and records control)
Management review
Internal audit
Risk assessment
Risk treatment

Then you can use this modified SOA (Statement of Applicability) as a checklist for the controls you have declared applicable (you may need to adjust the formatting to suit your paper format).

Once the audit is complete you should carry out corrective action for any non-conformities found during the audit, and keep records of what was done and how it was verified.

You will then be ready to have your chosen certification body carry out an assessment.

If all is well you will be awarded a certificate of compliance to ISO 27001:2013.

If you have problems or think that you need help, simply email us at QMLUK@aol.com. We have been doing this type of work since 1991 and offer a guarantee of success.

The official blog for independent Management Training Consultancy, Quality Matters Limited.