Information Security Management System Transition Strategy From ISO/IEC 27001:2013 To ISO/IEC 27001:2022 At PT PKT

Abstract

ISO issued the ISO/IEC 27001:2022 standard in October 2022 to update ISO/IEC 27001:2013 with the main objective of improving the relevance of the standard to the current state of information security, ensuring simpler and more effective controls, and facilitating better risk handling. The transition period given is for 3 years since the latest standard was published in October 2022, ISO provides a transition period until October 31, 2025 so that organizations can adjust their information security management systems to the latest version. After that date, ISO/IEC 27001:2013 certification is declared invalid, and all organizations that want to maintain their certification must comply with the latest ISO/IEC 27001:2022 standard.The proposed solution from this research is thirteen action plans to be implemented by PT PKT to close the identified gaps and to meet all the requirements in ISO/IEC 27001:2022. The action plans are grouped according to Plan-Do-Check-Action (PDCA) cycle adopted by ISO as the basis for consideration in preparing the implementation time frame. The results of the research showed that PT PKT could make a transition in eight months. The implementation of proposed action plan starts in July 2024 and will completed in February 2025, which means that PT PKT can successfully transition ISO/IEC 27001:2022 before the due date.