As a reminder, a new version of ISO 27001 has been issued, and the deadline for updating your company’s ISO 27001 program from the 2005 edition to the 2013 edition is quickly approaching. There are some significant changes in the 2013 edition of ISO 27001. Applying the guidelines in ISO 27001:2013 will improve the standardization and operation of the information security program in your organization.
For more details on the changes in the 2013 standard, please refer to our guide: 8 Step Guide to Bring Your Current ISMS from ISO 27001:2005 to ISO 27001:2013
Transition Deadlines
- New Implementations – The deadline for new implementations has expired, as ISO/IEC 27001:2005 is no longer allowed as of October 1, 2014
- Transition (Including Surveillance Reviews) – Can be performed (from the 2005 to the 2013 standard) until October 1, 2015
- Complete Transition – After October 1, 2015, all new certifications are required to use the 2013 standard
Key Changes in the 2013 Standard
- Realignment of the management system requirements to clauses 4 through 10
- Risk assessment focus shifted to risk owners
- Controls Annex realignment and additional controls
Key Implementation Steps
- Review current process and management system documentation
- Update the Statement of Applicability (SoA) based on the new framework
- Update documentation
- Ensure internal audits and management reviews are being planned and performed
We can answer any of your questions regarding the new version of ISO 27001.
Please contact us by phone at 888-702-5446 or by email at [email protected].