ISO 27001 Clause 6.3 Planning Of Changes


The 2022 update to the ISO 27001 standard introduced a new control called ISO 27001 Clause 6.3 planning of changes.

There is nothing to worry about here, so let us take a look at what it is and what you have to do.

First off, don’t panic.

In this ultimate guide to ISO 27001 Clause 6.3 Planning Of Changes you will learn:

  • What is ISO 27001 Clause 6.3
  • How to implement ISO 27001 Clause 6.3

I am Stuart Barker, the ISO 27001 Ninja and author of the Ultimate ISO 27001 Toolkit.

With over 30 years of industry experience, I will show you what’s new, give you ISO 27001 templates, show you examples, do a walkthrough and show you how to implement it for ISO 27001 certification.

What is ISO 27001 Clause 6.3 Planning of Changes

The new control ISO 27001 clause 6.3 planning of changes relates directly to changes to the information security management system and requires that you make those changes in a planned manner.

There is nothing at all to worry about here and you will have been doing this all along.

It is just now explicit in the standard.

What does the ISO 27001 standard say about ISO 27001 Clause 6.3 Planning of Changes?

When the organisation determines the need for changes to the information security management system, the changes shall be carried out in a planned manner.

ISO27001 Clause 6.3

What you need to do for ISO 27001 Clause 6.3 Planning of Changes

To meet the requirement all you have to do is plan your changes to your information security management system and evidence that you managed the change.


This is easy to do if you follow best practice and review and republish your documents annually. Make sure you have a documented plan that shows when you last did it and when you are going to do it again.

You will have a Documents and Records Policy and be following it.

You will use the management review team to sign off your changes and you will update your communication plan with evidence of the communications taking place to communicate those changes.

It is good practice to have version control in your documents but also to keep previous revisions of documents / the information security management system so that you can revert if needed.

The continual improvement, incident management and internal audit policies and processes that you will already have in place factor in your planning for changes to the information security management system and can be used as evidence of it.

ISO 27001 Templates

ISO 27001 templates are a great way to fast track your implementation and leverage industry best practice.
