• Skip to main content
  • Skip to footer

Public Organization navigation bar

  • SCC Connect
  • Buy Standards
  • Contact Us
  • Login
  • Français
Standards Council of Canada

Standards Council of Canada - Conseil canadien des normes

Search

Primary site navigation bar

  • Home
  • About SCC

    • What we do
    • Governance and management
    • Careers and volunteer opportunities
    • Publications
    • Awards
    • Transparency
    • Contact Us
  • News and Events

    • News
    • Monthly Newsletter
    • Important updates
    • Events
  • Standards

    • What are standards?
    • Find or Buy Standards
    • Participate in standards development
    • Stay informed of changing standards
    • Notices of Intent
  • Accreditation

    • What is accreditation?
    • Get accredited
    • Find an accredited body
    • Access important accreditation documents
    • Search Laboratories
    • Accreditation programs
    • Become an Assessor
    • Training
  • Flagship Initiatives

    • Innovation
    • Northern Infrastructure (NISI)
    • Canadian Free Trade
    • International Trade/CETA
    • Cannabis
    • Infrastructure and Environment
    • General Data Protection Regulation
    • Gender and Standardization
    • Data Governance
    • CyberSecure Canada
    • Digital Credentials
    • Hydrogen
    • Mental Health and Substance Use
    • National Standards Strategy 
    • New National Standards of Canada for Long-term care
    • The 50-30 Challenge
  • Information for

    • Business Professionals
    • Governments
    • Regulators
    • Importers / Exporters
    • Members
    • Academia
  • Home
  • Menu
  • Search
  • Settings
  • SCC Connect
  • Buy Standards
  • Contact Us
  • Login
  • Français
  • Home
  • About SCC

    • What we do

      • Mandate, Mission and Vision
      • History
    • Governance and management

      • Governing Council
      • Standing Committees
      • Advisory Committees

        • Provincial-Territorial Advisory Committee (PTAC)
        • Standards Development Organizations Advisory Committee (SDOAC)
      • Executive Team
      • Operations and branches

        • Accreditation Services
        • Corporate Services
        • Standards and International Relations
        • Strategy and Stakeholder Engagement
    • Careers and volunteer opportunities

      • Become an SCC Assessor
      • Volunteer opportunities and benefits

        • Questions about volunteer opportunities
    • Publications

      • Corporate Documents

        • Annual Reports

          • 2017-2018
          • 2018-2019
          • Agility.Flexibility.Compassion. SCC Annual Report 2020–2021
          • Moving forward together: 2021-2022 Annual Report
        • Corporate Plans
        • Quarterly Financial Statements
      • Requirements and Guidance - Participation in International Standardization
      • Features
      • Other Publications
    • Awards

      • Hugh Krentz Award

        • 2018 — Don Newsham
        • 2016 - G. Rae Dulmage
        • 2014 - T. Duncan Ellison
      • SCC Corporate Commitment Award

        • 2018 — National Research Council
        • 2016 - Mental Health Commission of Canada
        • 2014 - Health Canada's Consumer Product Safety Directorate
      • SCC Committee Achievement Award

        • 2018 – MC/ISO/TC 215 – Health Informatics
        • 2016 - Thermal Insulation Materials and Systems
        • 2014 - Sterilization of Health Care Products
      • SCC Young Leader Award

        • 2018 — Amin Yazdani
        • 2016 - Mark Ramlochan
        • 2014 - Stephanie McLarty
      • McMahon Dedicated Service Award

        • 2018 – Hélène Couturier
        • 2016 - Lynne Gibbens
        • 2014 - Pat Bonnilla
      • General Eligibility Criteria
      • Awards Archive

        • Jean P. Carrière Award
        • Roy A. Phillips Award
        • SCC Leadership Award
        • SCC Award of Excellence
        • Distinguished Service Award
    • Transparency

      • Travel and Hospitality Expenses
      • Annual Expenditures for Travel, Hospitality and Conferences
      • Special Examination Reports
      • ATIP and Privacy Act Annual Report
      • Access to Information Requests
      • Info Source
      • Procurement Policies
      • 2023-2025 Accessibility Plan
    • Contact Us

      • Staff Directory
      • Complaints
  • News and Events

    • News
    • Monthly Newsletter
    • Important updates
    • Events

      • Annual Public Meeting
      • World Standards Day

        • 2018 Archive
        • 2017 Archive
        • 2016 Archive
        • 2015 Archive
        • 2014 Archive
        • 2013 Archive

          • Agenda
          • Exhibitors
        • 2012 Archive
        • 2010 Archive
      • World Accreditation Day

        • 2019 Archive
        • 2018 Archive
        • 2017 Archive
        • 2016 Archive
        • 2015 Archive
        • 2014 Archive

          • Agenda
        • 2013 Archive
  • Standards

    • What are standards?

      • Types of standards
      • Benefits of applying standards
      • How are standards developed?

        • Registration and Maintenance Authorities
      • Learn about standards

        • Orientation Modules
    • Find or Buy Standards

      • Why do you have to pay for standards?

        • Search published standards
        • Search published standards
        • Buy Standards

          • Copyright Licensing
    • Participate in standards development

      • Comment on international standardization activities
      • Comment on draft standards
      • Participate in committees

        • All committees
        • Committees actively recruiting
      • Participate in governance work
    • Stay informed of changing standards
    • Notices of Intent

      • Archived notices
  • Accreditation

    • What is accreditation?

      • About accreditation
      • Benefits of Accreditation
    • Get accredited

      • Steps to accreditation
      • Apply for accreditation
      • How to get certified
      • Guidelines for Remote Assessments/Inspections
    • Find an accredited body

      • Accreditation notices
    • Access important accreditation documents

      • Requirements and procedures
      • Accreditation bulletins
      • Policy on Accreditation Symbol Use
    • Search Laboratories
    • Accreditation programs

      • Certification of Persons

        • Scope
        • Requirements Procedures
        • Bulletins
        • Directory
        • Contact Us
      • GLP Recognition

        • Requirements and Procedures
        • Bulletins
        • Directory
        • Contact Us
      • Verification/Validation

        • Scope
        • Requirements and Procedures
        • Bulletins
        • Directory of Accredited Bodies
        • Contact Us
      • Inspection Bodies

        • Scope
        • Requirements and Procedures
        • Bulletins
        • Directory
        • Contact Us
      • Testing and Calibration Laboratories

        • Scope
        • Requirements and Procedures
        • Bulletins
        • Directory
        • Contact Us
      • Medical Testing Laboratories

        • Scope
        • Requirements and Procedures
        • Bulletins
        • Directory
        • Contact Us
      • Product, Process and Service Certification

        • Scope
        • Requirements and Procedures
        • Bulletins
        • Directory of Accredited Certification Bodies
        • Regulatory Authority Advisory Bodies
        • Contact Us
      • Management Systems Certification Bodies

        • Scope
        • Requirements and Procedures
        • Bulletins
        • Directory of Accredited Certification Bodies
        • Contact Us
      • Proficiency Testing Providers

        • Scope
        • Requirements and Procedures
        • Bulletins
        • Contact Us
      • Standards Development Organizations

        • Requirements and Procedures
        • Directory of Accredited Certification Bodies
        • Contact Us
        • Bulletins
      • Reference Material Producers Overview

        • Directory of Accredited Bodies
        • Reference Material Producers Bulletins (Technical Updates)
        • Reference Material Producers Requirements and Procedures
        • Reference Material Producers Scope
    • Become an Assessor
    • Training

      • Introduction to ISO/IEC 17065:2012
      • Introduction to ISO/IEC 17021-1:2015
      • Introduction to ISO/IEC 17020:2012
      • Verification/Validation CORSIA  
      • Introduction to ISO/IEC 17025:2017
      • Introduction to ISO/IEC 17029 and ISO 14065
      • Mastering Internal Audits: Plan and execute audits that improve your systems and processes
      • Understanding the OECD Principles of Good Laboratory Practices (GLPs)
  • Flagship Initiatives

    • Innovation
    • Northern Infrastructure (NISI)

      • Building in permafrost
      • Community systems from start to finish
      • Dealing with extreme weather
      • Designing with climate change and risk in mind
      • NISI 101
    • Canadian Free Trade
    • International Trade/CETA

      • CETA
    • Cannabis
    • Infrastructure and Environment
    • General Data Protection Regulation
    • Gender and Standardization
    • Data Governance

      • Data Governance Background
      • DGSC steering committee co-chairs
    • CyberSecure Canada
    • Digital Credentials
    • Hydrogen
    • Mental Health and Substance Use
    • National Standards Strategy 
    • New National Standards of Canada for Long-term care
    • The 50-30 Challenge

      • Making 50 – 30 a business reality
  • Information for

    • Business Professionals

      • Access new markets
      • Gain a competitive advantage
      • Manage business risk
      • Reduce cost / Increase revenue
    • Governments

      • Benefits of standardization for government
    • Regulators

      • How SCC supports regulators
      • Role of regulators in a standardized system
      • Supporting public safety
      • Tools and services for regulators
    • Importers / Exporters
    • Members
    • Academia

WET:Mega Menu:Connect

  • Home
  • Groups

Breadcrumbs

  1. Home
  2. Accreditation
  3. Access important accreditation documents
  4. Accreditation bulletins

Primary navigation (left column)

Section Menu

  • What is accreditation?
  • Get accredited
  • Find an accredited body
  • Access important accreditation documents
    • Requirements and procedures
    • Accreditation bulletins
    • Policy on Accreditation Symbol Use
  • Search Laboratories
  • Accreditation programs
  • Become an Assessor
  • Training

SCC Monthly Newsletter

Receive monthly news updates straight to your inbox.

What kind of news would you like?
 
 

Standards Council of Canada

SCC Accreditation Services Bulletin #2022-25 – ISO/IEC 27001:2022 transition and ISO/IEC 27002:2022 publication

2022/12/20

Bulletin number: 

2022-25

Affected program: 

  • Management Systems (all programs)


Action required

Take note that the following are published:

  • ISO/IEC 27001:2022 Information security, cybersecurity and privacy protection — Information security management systems — Requirements
  • IAF MD26:2022 Transition Requirements for ISO/IEC 27001:2022 (PDF)
  • ISO/IEC 27002:2022 Information Security, cybersecurity and privacy protection – Information security controls (this document also provides guidance on transition requirements for ISO/IEC 27001:2022)

 

SCC ISMS customers are required to transition to ISO/IEC 27001:2022 according to the requirements listed in MD 26. 

 

Affected customers

All SCC-accredited Information Security Management System Certification Bodies, applicants, assessors and other relevant stakeholders.

 

Background

ISO/IEC 27001:2022 was published in October 2022 following the preparation of ISO/IEC 27001:2013/AMD1:2022. It updates relevant text in ISO/IEC 27001:2013 according to ISO/IEC 27001:2013/COR 1:2014, ISO/IEC 27001:2013/COR 2:2015 and ISO/IEC 27001:2013/AMD1:2022.

The key changes and their impact are detailed in MD 26:2022 starting on page 5.

 

New requirements

Document review required

SCC shall conduct the technical document review to confirm whether or not conformity assessment bodies (CABs) are competent for ISO/IEC 27001:2022. SCC will be ready to complete these reviews beginning February 28, 2023. An exception to this timeline may be applied if a CAB is ready to proceed before February 28, 2023. The CAB must communicate in writing with their Account Manager to be considered for an exception. Exception will only be granted if the CAB meets all requirements indicated below.

SCC shall transition all CABs no later than August 31, 2023. The Scope of Accreditation will be revised when the transition process is complete, and CABs must have an updated Scope of Accreditation to begin assessing against ISO/IEC 27001:2022.

SCC shall determine the suitability of the CAB’s transition arrangement and, if applicable, the effectiveness of its implementation through reviewing the following information submitted by the CAB:

  • the gap analysis of the changes in ISO/IEC 27001:2022;
  • the transition arrangement and its implementation evidence;
  • the authorization of the related personnel; 
  • the other relevant information deemed necessary by AB.
     

Technical Assessment at CAB Head Office 

If SCC can obtain sufficient evidence through the CAB technical document review, then a CAB head office assessment is not required. If SCC is not able to verify the effective implementation and conformance with the CAB’s transition arrangement, then an office assessment is required.


CAB’s Arrangements

CABs shall establish their transition arrangement for ISO/IEC 27001:2022 considering the requirements in MD 26: 2022 and SCC’s transition arrangement.


The transition arrangement shall address what the CAB shall do and what the client shall do. The CAB may have several separate documents to address the transition arrangement.


The transition arrangement shall include at least the consideration of the following:

  • the changes in ISO/IEC 27001 and the gap analysis;
  • the need to modify the related certification processes, documents and, if applicable, IT systems for managing certification activities; 
  • the relevant personnel are competent for ISO/IEC 27001:2022 and transition process; 
  • the audit team, as a whole, shall have knowledge of all controls contained in ISO/IEC 27002:2022 and their implementation (see ISO/IEC 27006:2015, 7.1.2.1.3 b); 
  • the transition audit programme; 
  • there is a timely communication to the clients on the transition programme, such as the timeline, transition audit approach, and the consequences if the client fails to transition prior to the end of the transition period.

CABs are encouraged to plan and begin required actions at the earliest opportunity.

 

Deadline

SCC Timescale

  • SCC is ready to assess to ISO/IEC 27001: 2022 no later than February 28, 2023
  • All initial assessments by SCC to ISO/IEC 27001:2022 to begin no later than February 28, 2023
  • SCC has completed all transitions of CABs by August 31, 2023


CABs Timescale

  • Initial certification by CAB to ISO/IEC 27001: 2022 to begin no later than August 31, 2023
  • CAB transitions of certified clients completed by August 31, 2025

 

Questions?

Please contact Abdel Kassou, Manager, Compliance and Assessment Services, at abdel.kassou@scc.ca or +1 613 238 3222 for more information.

 
 

SCC Monthly Newsletter

Receive monthly news updates straight to your inbox.

What kind of news would you like?
 
 

Footer

YouTube  Twitter  LinkedIn  Facebook icon
 
  • Home
  • SCC Connect
  • FAQs and Glossary
  • Notices and terms
  • Contact Us
  • Site Map
  • ABOUT SCC
  • What we do
  • Governance and management
  • Career and volunteer opportunities
  • Publications
  • Awards
  • Transparency
  • 50 Years
  • STANDARDS
  • What are standards?
  • Buy standards
  • Participate in standards development
  • Stay informed of changing standards
  • ACCREDITATION
  • What is accreditation?
  • Get accredited
  • Find an accredited body
  • Access important accreditation documents
  • Accreditation Programs
  • FLAGSHIP INITIATIVES
  • Innovation
  • Canadian Free Trade
  • International Trade
  • Cannabis
  • General Data Protection Regulation
  • Environment
  • Gender and Standardization
  • INFORMATION FOR…
  • Business Professionals
  • Governments
  • Regulators
  • Importers and Exporters
  • Members
  • NEWS AND EVENTS
  • News
  • Events
  • Monthly Newsletter

© Standards Council of Canada, 2023

55 Metcalfe Street, Suite 600, Ottawa, ON  K1P 6L5  Canada
Email: info@scc.ca | Telephone: +1 613 238 3222

Canada