With this news communication, RvA introduces its transition policy towards the implementation of this new standard.
On October 1, 2013, ISO published the new ISO/IEC 27001:2013. Based on this event, IAF, in its meeting in Seoul, resolved as follows:
IAF Resolution 201313 (Agenda Item 8) Endorsement of ISO/IEC 27001:2013 - The General Assembly, acting on the recommendation of the Technical Committee, resolved to endorse ISO/IEC 27001:2013 Information technology - Security techniques - Information security management systems - Requirements, as a normative document.
The General Assembly further agreed that the deadline for conformance to ISO/IEC 27001:2013 will be two years from the date of publication. One year after publication of ISO/IEC 27001:2013, all new accredited certifications issued shall be to ISO/IEC 27001:2013.
Note: As the date of publication was 1 October 2013, the deadline for Certification Bodies to conform will be 1 October 2015.
Considering the nature of the changes, CBs that have already been accredited by RvA for certification in accordance with ISO/IEC 27001:2005 may apply this new standard under accreditation with immediate effect (i.e. without prior approval by RvA). During the first regular surveillance or re-assessment, the RvA will give extra attention to the introduction of the new standard. The following points will receive specific focus: