This internationally acclaimed standard for information security management has been revised. Since their conception in the early 1990s, globally recognized standards in Information Security have grown in rigor and recognition. So have information security threats and the best ways to manage them.
To reflect current best practice, BS ISO/IEC 27001:2013 provides specific recommendations to help you establish your own Information Security Management System (ISMS), monitor its performance and implement improvements where necessary.
The new standard is written using the high-level structure that will be common to all new management system standards. This will allow easier integration when implementing more than one management system within your organization.
BS ISO/IEC 27001:2013 is less prescriptive, allowing greater flexibility on how requirements are satisfied, thereby giving organizations greater freedom to implement requirements in a manner best suited to them.
The document allows you to see where you can simplify your current information security management practices or adopt new practices that are better suited to the needs and culture of your organization. If you are introducing an information security management system for the first time, the new standard ensures you are following today’s best practice from the start.
BS ISO/IEC 27001:2013 requirements can be used to prepare your organization for third-party audits and certification.
Taking into account the experiences of users who have implemented or sought certification to ISO/IEC 27001:2005, the new standard offers a more flexible, streamlined approach intended to ensure more effective risk management.
A number of changes to the security controls listed in Annex A have been made to ensure the standard is current and consistent with the new BS ISO/IEC 27002:2013.
2 Normative references
3 Terms and definitions
4 Context of the organization
9 Performance evaluation