ISO/IEC 27001 2013 (ISO 27001 Standard) ISMS Requirements

Description

You can also buy this Standard with its companion Standard, ISO/IEC 27002:2013, as a cost-effective bundle here >>

ISO/IEC 27001:2013 at a glance

ISO27001:2013 is the new Standard detailing the specifications of an ISMS which Asia-Pacific organisations can implement to improve the state of its information security.

ISO27001:2013 has been written using Annex SL, which provides a common structure for management system standards. By following this structure, the Standard enables organisations to take an integrated approach to management system implementation, eliminating unnecessary duplicate processes.

ISO27001:2013 has been updated to reflect the latest in international best practice for information security, meaning it is the most comprehensive resource for modern information security.

What are the changes in ISO27001:2013, compared to ISO27001:2005?

The 2013 version of ISO27001 is substantially different to the 2005 iteration. Key changes include:

• The 2013 edition has been developed using Annex SL, part of a document published by ISO which provides a common approach and structure for management system standards. Since ISO/IEC 27001:2013 adopts Annex SL it more easily lends itself to integration with other management system standards.
• The 2013 version of the standard allows you to use either Plan-Do-Check-Act (PDCA) cycle or other approaches. Whereas the 2005 edition of the Standard specified the PDCA cycle as the only method for developing and continually improving an ISMS. 
• The terms and definitions that appeared in the 2005 edition of the Standard have now been removed, and instead ISO/IEC 27000:2012 is referenced as the source for terms and definitions.
• The terminology in the Standard has been updated. There is an increased focus on setting objectives, assessing performance and metrics in ISO/IEC 27001:2013.
• The risk assessment requirements in the Standard are less prescriptive and are aligned with ISO31000, the International Standard for risk management.
• The requirements for management commitment have been overhauled and are largely covered by the Leadership clause.
• The requirements for a SoA (Statement of Applicability) in the 2013 edition have been enhanced, and the risk treatment process makes it easier to adopt control frameworks other than Annex A.
• Annex B has been deleted, and Annex A has also been revised and restructured. There are now 114 controls under 14 categories, as opposed to the 133 under 11 headings in the 2005 edition of the Standard.

Further guidance on ISO27001:2013 and why you need it >>

Please note: We supply the British and other national adoptions of ISO 27001, which all contain exactly the same content, interchangeably.

Corrigenda

Please note that two Technical Corrigenda have been issued since ISO/IEC 27001:2013 was published. These can be downloaded free of charge direct from ISO via the following links, and are also supplied by IT Governance when you purchase this Standard:

Technical Corrigendum 1 (ISO/IEC 27001:2013/Cor.1:2014) >>

Technical Corrigendum 2 (ISO/IEC 27001:2013/Cor.2:2015) >>

Customer Reviews

(0# of Ratings:)