The version of ISO/IEC 27001:2013*) will be mentioned on the scope of accreditation in order to make clear that the CB is accredited for this version. After gaining accreditation for ISO/IEC 27001:2022, both versions will be mentioned on the scope of accreditation, with the end date of October 25, 2025 for ISO/IEC 27001:2013.
Not yet accredited for ISO 27001?
CB’s that do not have accreditation for ISO/IEC 27001 may apply for an accreditation scope extension as per usual. The assessment will consist of a documentation assessment, an office assessment and a stage 1 and stage 2 witness assessment ISMS audit (see SAP-C010). After April 25, 2023, the RvA will no longer accept new application for accreditation of ISO/IEC 27001:2013.
*) NEN-EN_ISO/IEC 27001:2017+A11:2020 may be read wherever ISO/IEC 27001:2013 is mentioned. This version will not be mentioned on the scope of accreditation.