The typical lifespan of an ISO standard is five years. After this period, it is decided whether the norm can stay valid, needs revision or should be retracted. In 2018, it was decided that ISO 27001:2013 should be revised. This revision is expected by the end of 2021.
Annex A of ISO 27001:2013 contains 114 controls, divided over 14 chapters. This is going to be restructured.
ISO 27001:2021 will contain 95 controls, divided over 4 chapters:
- Annex 5 Organizational (37 controls)
- Annex 6 People (8 controls)
- Annex 7 Physical (14 controls)
- Annex 8 Technological (36 controls
Next to that, the controls will be (hash) tagged by control type (#preventive, #detective, #corrective), classification (#confidentiality, #integrity, #availibility) and NIST concept (#identify, #protect, #detect, #respond, #recover).
This will make it easier to locate them during risk mitigation.
High level structure
The requirements of the management system itself (Annex L) are not expected to change.
Updating your existing ISMS
First of all: there is no rush. If you have already started implementing ISO 27001 according to the current version, it will remain possible to certify your ISMS for a prolonged period of time. You will most likely only need to update your ISMS before the next certification cycle (three years after initial certification).
Once the new version of the standard becomes available, not only will we update Instant 27001 immediately, we will also release an ISO 27001:2021 update kit for existing customers.
This update kit will contain the following:
- A new Annex A structure containing all 95 controls
- The implementation field of which will be linked to the existing documents where possible
- The (hash) tags will be added as Confluence labels
- New policies or procedures as necessary
- Instructions how to import and merge with your existing ISMS
If you wish, existing clients can also opt to receive a new, empty, version of Instant 27001 at a reduced price.
- ISO 27001:2021 update kit € 495
- Instant 27001 Complete ISMS € 995 (for existing Instant 27001 clients)
Depending on your location, local taxes may apply (read more).