The 2022 update to the ISO27001 standard introduced a new control called ISO27001 Clause 6.3 planning of changes.
There is nothing to worry about here, so let us take a look at what it is and what you have to do.
First off, don’t panic.
I am Stuart Barker, the ISO27001 Ninja, and this is the new ISO27001 control – ISO27001 Clause 6.3 Planning of Changes.
What is ISO27001 Clause 6.3 Planning of Changes
The new control, ISO27001 Clause 6.3 Planning of Changes, relates directly to changes to the information security management system: it requires that you make those changes in a planned manner.
There is nothing at all to worry about here, and you will have been doing this all along.
It is just now explicit in the standard.
What does the ISO27001 standard say about ISO27001 Clause 6.3 Planning of Changes?
When the organization determines the need for changes to the information security management system, the changes shall be carried out in a planned manner. (ISO27001 Clause 6.3)
What you need to do for ISO27001 Clause 6.3 Planning of Changes
To meet the requirement, all you have to do is plan your changes to your information security management system and keep evidence that you managed the change.
This is easy to do if you follow best practice and review and republish your documents annually. Make sure you have a documented plan that shows when you last did it and when you are going to do it again.
You will have a Documents and Records Policy and be following it.
You will use the management review team to sign off your changes, and you will update your communication plan with evidence that those changes were communicated.
It is good practice to have version control in your documents, but also to keep previous revisions of documents / the information security management system so that you can revert if needed.
The continual improvement, incident management and internal audit policies and processes you will already have in place all factor into your planning for changes to the information security management system and can be used as evidence of it.
ISO27001 Certification Requirements
ISO27001 Certification Requirements are set out clause by clause in these complete certification guides, which include everything you need to know, what you need to do, and ISO 27001 templates.
- ISO27001 Clause 4.1 Understanding The Organisation And Its Context
- ISO27001 Clause 4.2 Understanding The Needs And Expectations Of Interested Parties
- ISO27001 Clause 4.3 Determining The Scope Of The Information Security Management System
- ISO27001 Clause 4.4 Information Security Management System (ISMS)
- ISO27001 Clause 5.1 Leadership And Commitment
- ISO27001 Clause 5.2 Information Security Policy
- ISO27001 Clause 5.3 Organisational Roles, Responsibilities And Authorities
- ISO27001 Clause 6 Planning
- ISO27001 Clause 6.1.1 Planning General
- ISO27001 Clause 6.1.2 Information Security Risk Assessment
- ISO27001 Clause 6.1.3 Information Security Risk Treatment
- ISO27001 Clause 6.2 Information Security Objectives And Planning To Achieve Them
- ISO27001 Clause 7.1 Resources
- ISO27001 Clause 7.2 Competence
- ISO27001 Clause 7.3 Awareness
- ISO27001 Clause 7.4 Communication
- ISO27001 Clause 7.5.1 Documented Information
- ISO27001 Clause 7.5.2 Creating And Updating Documented Information
- ISO27001 Clause 7.5.3 Control Of Documented Information
- ISO27001 Clause 8.1 Operational Planning And Control
- ISO27001 Clause 8.2 Information Security Risk Assessment
- ISO27001 Clause 8.3 Information Security Risk Treatment
- ISO27001 Clause 9.1 Monitoring, Measurement, Analysis, Evaluation
- ISO27001 Clause 9.2 Internal Audit
- ISO27001 Clause 9.3 Management Reviews
- ISO27001 Clause 10.1 Continual Improvement
- ISO27001 Clause 10.2 Non Conformity and Corrective Action
- ISO 27001 Certification up to 10x Faster and 30x Cheaper
- The Ultimate ISO 27001 TOOLKIT so you can do it yourself
- ISO 27001 Exposed: The facts you must know (Not knowing these could cost you $10,000s!)
- 25 Things You Must Know Before Going for ISO 27001 Certification (Number 3 will blow your mind!)
- ISO27001 Reference Guide: Clause by Clause
FREE 30 minute ISO27001 strategy session.
Claim your 100% FREE no-obligation 30 minute strategy session call (£1000 value). This is strictly for small businesses who are hungry to get ISO27001 certified up to 10x faster and 30x cheaper.