#164 The ISO 27001:2022 Transition Gameplan - A step-by-step guide to complete your Transition
Release Date: 02/06/2024
#178 Introducing our new host – Ian Battersby
The ISO Show
After 5 years of hosting the ISO Show, Mel Blackmore will be taking a step back as she focuses on her sustainability related endeavors. She’s passing the baton onto our new host – Ian Battersby. Ian is a Senior isologist at Blackmores, and while relatively new to the team, he has a wealth of Standard and ISO related knowledge to share with you all. Today we Introduce Ian Battersby as the new host for the ISO Show and learn about his background in Standards and ISO. You’ll learn · Taking a step back · ...
info_outline
#177 ISO Show Evolution
The ISO Show
Can you believe we’ve been publishing the ISO Show for 5 years now! We certainly can’t! The ISO Show began back in 2019, following a trip to Cumbria by the host Mel Blackmore. She was, and still is, an avid fan of podcasts and while listening to a few of her favourites on the 4 hour trip, she got to wondering if there were any podcasts about ISO Standards. As it happened, there wasn’t at the time, and so the idea for the ISO Show was born. Not more than a few months later the first episode went live, and the rest is history. For the past 5 years, we’ve had the honour of sharing our...
info_outline
#176 Top ISO Standard Trends in Data Centres
The ISO Show
Data Centres could be considered the powerhouse of thousands of businesses globally. Long gone are the days of small physical servers being housed on-site, instead we rely on data centres to keep all our critical data safe and secure. But how do we know they are doing just that? Many hold certifications to security-based Standards such as SOC 2 or NIST to display their commitment to data security. However, many also hold various ISO certifications that cover other aspects of the business outside of information security. Today Steph Churchman, Communications Manager at Blackmores,...
info_outline
#175 How Daisy embedded effective energy management with ISO 50001
The ISO Show
Working towards a sustainable future is going to require a joint effort from everyone if we’re to reach our 2030 and 2050 targets. Several initiatives have come out in recent years to try and address one of our biggest challenges, energy consumption. Many of us in the UK will be familiar with ESOS (The Energy Savings Opportunities Scheme), which involves regular reporting from those that fit its criteria. It’s also recently updated to include a stipulation to include an ESOS Energy Plan, which requires you to detail a route to reduce your energy consumption. However, many...
info_outline
#174 What is the new ISO Climate Change Amendment?
The ISO Show
In February 2024, the ISO and IAF issued an unprecedented change to 31 commonly adopted ISO Standards, such as ISO 9001, ISO 14001 and ISO 27001. This change saw the addition of a new ‘Climate Change Amendment’, which was applied in part due to the ISO’s resolution in support of the ISO London Declaration on Climate Change. So what does this mean for ISO certified businesses? Join Mel as she discusses what this new ISO Climate Change Amendment is, why it was introduced, what are the consequences if you don’t address it and the benefits of its introduction. You’ll...
info_outline
#173 Top 10 Reasons to Use ISO 42001 AI Management
The ISO Show
ISO 42001 was published in December of 2023, and is the first International Standard for Artificial Intelligence Management Systems. It was introduced following growing calls for a common framework for organisations who develop or use AI, to help implement, maintain and improve AI management practices. However, its benefits extends past simply establishing an effective AI Management System. Join Steph Churchman, Communications Manager at Blackmores, on this episode as she discusses the top 10 reasons to adopt ISO 42001. You’ll learn · What is ISO 42001? ...
info_outline
#172 Effectively Responding to a Cyber Incident with Epiq
The ISO Show
Nearly 60% of businesses that are impacted by a cyber incident go out of business within the 6 months following. With our heavy reliance on technology to keep both businesses and services running, it’s imperative that everyone take cyber risk seriously. However, incidents will inevitably happen and it’s up to you to ensure that your business is prepared to ride out the wave, and hopefully make a full recovery! We invited Jack Morris, Account Director at Epiq, back onto the show to discuss the consequences of not being prepared for a cyber incident and the key steps businesses should...
info_outline
#171 Proactive Steps to Mitigate Cyber Incident Risk with Epiq
The ISO Show
Cyber incidents are on the rise as data shows there was a 20% increase in data breaches from 2022 to 2023. Technology has become an integral part of most businesses, especially post pandemic where many who may have avoided this reliance on tech had no choice but to adapt to survive. As a result, the question of businesses being affected by a cyber incident has become ‘when’ rather than ‘if’. However, there are a number of steps you can take to mitigate risks ahead of any potential incidents. We invited Jack Morris, Account Director at Epiq, to discuss cyber...
info_outline
#170 Trends in the Carbon Market with Nature Broking
The ISO Show
Businesses looking to tackle their environmental impact will need to look at how they can reduce their carbon emissions and offset any remaining emissions to ensure that they reach Net Zero. One of the most common ways businesses offset their emissions is through the purchasing of carbon credits that typically go towards planting trees or re-wilding. However, there are a number of new emerging trends following on from the current commodification of nature, resulting in an attitude shift from businesses who are looking to get a lot more involved in the offsetting process. We invited Luke...
info_outline
#169 Credible Carbon offsetting with Nature Broking
The ISO Show
The UK is the first major economy to achieve it’s 50% reduction target for Greenhouse Gas Emissions (between 1990 and 2022). However, we’ve still got a lot of work to do to reach our 2023 target of a 68% reduction. Many businesses are already making great strides to reduce their Impact, and while you can reduce, achieving true carbon neutrality will involve offsetting a certain amount of emissions. One of the biggest challenges for businesses in terms of completing their offsetting is finding a credible carbon offsetting scheme. Mel is joined by Luke Baldwin, Co-founder and CEO of...
info_outlineThe deadline is looming over the horizon as October 2025 marks end of the validity of ISO 27001:2013 certificates.
Have you made a start on your transition journey? If not, you really should make a start in 2024 to ensure you’re all set well before that final deadline. The first step is to decide if you want to do it yourself or enlist the help of a professional consultant.
For those that want to tackle it yourselves, you’re in luck! As we have just the tool to help: The ISO 27001:2022 Transition Gameplan.
In this weeks’ episode, Steph Churchman, Communications Manager at Blackmores, explains why you need to transition to the 2022 version of the Standard and outlines the 7-step ISO 27001:2022 Transition Gameplan available on the isologyhub.
You’ll learn
· Why do you need to transition to ISO 27001:2022?
· What happens if you don’t transition?
· What is the ISO 27001:2022 Transition Gameplan?
· An overview of the 7-step Gameplan
Resources
· ISO 27001 Transition Gameplan
In this episode, we talk about:
[00:25] A different host – Steph Churchman, Communications Manager at Blackmores, steps in to cover today’s episode. She’s heavily involved with the development and updating of the isologyhub, and will be explaining one of the latest Gameplan’s: The ISO 27001:2022 Transition Gameplan
[01:15] Why do you need to transition to ISO 27001:2022? The October 2025 deadline is fast approaching, so you really should be making a start in 2024 if you’ve not already.
[01:45] Who needs to transition to ISO 27001:2022? – Basically, anyone who is currently certified under ISO 27001:2013 will have to transition to the updated Standard.
One of the main reasons why we recommend getting a head start on this is , Certification Bodies will undoubtedly have a large demand for transition audits in 2025, when everyone’s rushing to get it done last minute. This results in a shortage of resources from the CB’s, and you may end up struggling to get booked in time.
[02:35] What happens if you don’t transition in time? – The harsh truth is you will lose your ISO 27001 certification.
This then means you’ll be required to go through another Stage 1 and 2 Assessment against the latest version of ISO 27001, which can be costly.
Another key reason is the latest version of ISO 27001 also considers a lot of new technologies that weren’t around back when the last version was published. You can imagine now that there are a lot more cybersecurity risks to consider with all the latest technology that has been released in that time. Put simply, it’s for the benefit of your Information Security to ensure you are adhering to the most recent best practice Standards.
[03:40] What is the ISO 27001:2022 Transition Gameplan? This Gameplan will walk you through the stages of transition, which align to our proven isology® approach. Isology being our methodology for implementing any ISO Standard, based on our 18+ years of experience.
In this Gameplan we provide training videos on the changes to ISO 27001, along with specific training videos covering each of the new Annex A controls that you will need to be familiar with, along with templates and workbooks to take you through the process from beginning to end.
[04:20] Step 1: Plan – Before you begin on your journey, it’s advised to understand the main changes to the standard. We’ve summarised the high-level changes in a previous podcast, and included a quick summary in the first step of the Gameplan.
In this first step, you’ll also find guidance on how to prepare for your Certification Body visit. You really do need to do this early on to help establish a realistic timeline to complete your transition work.
[04:55] Step 2: Discover – At this stage, you need to get to grips with the changes to the Standard. There have been a number of controls changed, and 11 completely new ones added. We did cover a select few of these new controls in a few previous podcasts: #111, #112, #113, #114
In this Discover step we provide a number of awareness videos to explore these new controls and changes in detail, including how they may apply to your business.
We’ve also included a downloadable PDF guide to these changes, in case you’d like to share this information internally.
[05:40] Step 3: Expose - In this step we’ve included an ISO 27001:2022 transition workbook, which will act as a guide for all your transition activities. The first being the conducting of a Gap Analysis against the latest version of the Standard.
After completing this, you will have a much better idea of where your main gaps and vulnerabilities are, so you can start putting the necessary controls in place to ensure compliance with ISO 27001:2022.
We’ve also included a summary of the main Management System documentation that will need to be updated ahead of your transition visit.
[06:20] Step 4: Create - This is the step where you will be implementing those changes as a result of your Gap Analysis. This will also be guided by that workbook, and we have provided some additional templates and resources to aid you.
These include:
· A Statement of Applicability Template
· Annex A Control Mapping
· ISO 27001 Management Review Template
[07:15] Step 5: Launch – It’s not just about updating your documentation, you will obviously need to communicate these changes to the wider business.
In this step we go over a few options for your launch plan – including guidance for both a soft launch and an all-in launch.
To help you decide which one would be the best fit for you, we’ve included a full summary of each method in addition to a pro’s and con’s list for each.
[08:30] Step 6: Engage – The last stages are all about gathering evidence of compliance against new and updated clauses and controls.
In this step we provide some insight into what’s required from your Internal Audits and Management Review ahead of your transition visit.
If you wanted to get some more tips on carrying out internal Audits within your business – we also offer a full Internal Auditor course on the hub that covers the core skills needed to complete those. If you become a member of the hub, you’ll get access to our whole library of resources – which includes a wealth of ISO related tools, templates and training videos.
[09:20] Step 7: Review – This last step will help you prepare for the transition visit with your certification body.
We touch on what you should expect from your Certification Body ahead of the transition visit, and include guidance on carrying out a final Document and evidence check to make sure you’re all good to go.
If you’d like to book a demo for the isologyhub, simply contact us and we’d be happy to give you a tour.
We’d love to hear your views and comments about the ISO Show, here’s how:
● Share the ISO Show on Twitter or Linkedin
● Leave an honest review on iTunes or Soundcloud. Your ratings and reviews really help and we read each one.
Subscribe to keep up-to-date with our latest episodes:
Stitcher | Spotify | YouTube |iTunes | Soundcloud | Mailing List