Developing and maintaining a management system, either on its own (ISMS) or as an integrated management system (a combination of two or more systems, e.g., ISMS/PIMS/BCMS), helps to reduce digital risks by structuring the organisation’s information security management with a systemic approach. If you are planning to align with NIS, DORA, SOC 2 Type 2, Irish Public Sector Cyber Security Baseline Standards, etc., having an ISMS can be a good starting point, as it has complementary controls.
Deloitte's multidisciplinary team has experience in designing, implementing, running, continuously improving, and auditing management systems. Deloitte have assisted, and continue to assist, multiple organisations in all sectors in every stage of their ISMS journey.
The new version of ISO/IEC 27001 was released on October 25, 2022. The transition timeline is set to be three years. Current 2013 certificates therefore need to be transitioned to the new version by October 2025.
The transition audit can be carried out as part of any scheduled audit within the three-year transition period, but can also be performed as a special transition audit.