All ISO 27001:2013 clients are informed that MMS has started the transition to ISO 27001:2022 upon receiving approval from EGAC.
The cut-off date for the transition from ISO 27001:2013 to ISO 27001:2022 is October 31, 2025.
Existing ISO 27001:2013 clients can apply for the transition at the time of surveillance or recertification, or as a separate audit, by making a written request to MMS at
All existing ISO 27001:2013 clients must complete the transition before October 31, 2025. Any client unable to meet the transition requirements by October 31, 2025 shall be suspended and subsequently withdrawn.
- Client organization has to conduct a gap analysis against ISO 27001:2022 and implement the system as per the standard's requirements
- Once the system and information security controls are implemented, write to MMS at
- Client organization can conduct the audit in conjunction with a surveillance audit or recertification audit, or can request it as a separate audit
- Whether the transition audit is conducted in conjunction with a surveillance or recertification audit or as a separate audit, 0.5 man-day shall be added to check and verify the transition requirements
- The transition audit shall not rely only on document review, especially when reviewing the technological controls; it shall be an in-depth audit of the establishment and implementation of the information security controls
- Client organization has to update the Statement of Applicability (SOA) and Risk Treatment plan.
- Client organization is not limited to the information security controls defined in Annexure A; it can choose additional controls if applicable
- Client organization can make a request for a remote audit; the decision to conduct the audit is reserved by MMS. MMS may conduct a remote audit if MMS understands that the audit objective can be achieved