The ISO/IEC 27006-1:2024 standard was published on March 01, 2024.
Certification Bodies must complete the transition of their customers to ISO/IEC 27006-1:2024 within 24 months after the publication of the standard. Certified organizations must complete their transition by March 31, 2026.
In this context, 12 months after the publication of the ISO/IEC 27006-1:2024 Standard, Certification Bodies will not conduct initial certification audits or recertification audits according to ISO/IEC 27006:2021.
The work to be done for the ISO/IEC 27006-1:2024 transition of certified organizations should include, but not be limited to, the following:
- Improving the requirements for remote audits
- Aligning Annex D of ISO/IEC 27006:2015 with the information security controls listed in Annex A of ISO/IEC 27001:2022 and transferring it as Annex E of ISO/IEC 27006-1:2024.
- Improving the requirements for referencing other standards in ISMS certification documents
- Removing redundancies with ISO/IEC 17021-1:2015.
- Removing the quantitative requirement for ISMS auditors’ work experience and education (e.g. 4 years of full-time practical workplace experience).
For transition applications: [email protected]
IQR may conduct the transition audit together with a surveillance audit, a recertification audit, or through a separate audit.
The transition audit will not rely solely on document review, particularly for the review of technological information security controls.
The transition audit will include, but is not limited to:
- Improving the requirements for remote audits
- Aligning Annex D of ISO/IEC 27006:2015 with the information security controls listed in Annex A of ISO/IEC 27001:2022 and transferring it as Annex E of ISO/IEC 27006-1:2024.
- Improving the requirements for referencing other standards in ISMS certification documents
- Removing redundancies with ISO/IEC 17021-1:2015.
- Removing the quantitative requirement for ISMS auditors’ work experience and education (e.g. 4 years of full-time practical workplace experience).
A minimum of 0.5 auditor days will be added to the transition audit when performed together with the recertification audit.
A minimum of 1.0 auditor days will be added for the transition audit when performed together with the surveillance audit or as a separate audit.
When the certification document is updated because the client has successfully completed only the transition audit, the expiration of the current certification cycle will not change.
All certificates based on ISO/IEC 27006:2021 will expire or be withdrawn at the end of the transition period.