ISO27001 Clause 6.3 Certification Guide | Planning Of Changes


The 2022 update to the ISO27001 standard introduced a new control called ISO27001 Clause 6.3 planning of changes.

There is nothing to worry about here, so let us take a look at what it is and what you have to do.

First off, don’t panic.

I am Stuart Barker, the ISO27001 Ninja, and this is the new ISO27001 Control – ISO27001 Clause 6.3 Planning of Changes.

What is ISO27001 Clause 6.3 Planning of Changes

The new control, ISO27001 Clause 6.3 Planning of Changes, relates directly to changes to the information security management system and requires that you make those changes in a planned manner.

There is nothing at all to worry about here and you will have been doing this all along.

It is just now explicit in the standard.

What does the ISO27001 standard say about ISO27001 Clause 6.3 Planning of Changes?

When the organization determines the need for changes to the information security management system, the changes shall be carried out in a planned manner.

ISO27001 Clause 6.3

What you need to do for ISO27001 Clause 6.3 Planning of Changes

To meet the requirement all you have to do is plan your changes to your information security management system and evidence that you managed the change.

This is easy to do if you follow best practice and review and republish your documents annually. Make sure you have a documented plan that shows when you last did it and when you are going to do it again.

You will have a Documents and Records Policy and be following it.

You will use the management review team to sign off your changes, and you will update your communication plan with evidence that those changes were communicated.

It is good practice to have version control in your documents but also to keep previous revisions of documents / the information security management system so that you can revert if needed.

The continual improvement, incident management and internal audit policies and processes that you will already have in place factor in your planning for changes to the information security management system and can be used as evidence of it.
