In April 2012, ISO updated its directives. Of particular importance is a new annex – Annex SL – in which Appendix 3 defines the High Level Structure and Identical Core Text for all new and revised management system standards. The concept is that some requirements, e.g. management review, are common to all management system standards and therefore ought to be identically worded.
This will ensure consistency among future and revised management system standards and make integrated use simpler. It will also make the standards easier to read and, in so doing, easier for users to understand.
This book explains the new requirements and how they are related to those in management system standards published prior to the advent of the new ISO directives. No prior knowledge of management systems is assumed.
It aims to:
- Demonstrate how familiar concepts have metamorphosed into new ones
- Provide fresh insights into understanding management system standards
- Offer guidance on how to develop a management system for the first time
- Give advice on transitioning existing management systems to the new requirements and on the construction and use of integrated management systems.
The book is aimed primarily at people who engage in creating and running management systems, including management system administrators, consultants, trainers and auditors.
Dr. David Brewer was one of the first consultants to advise the British Government on information security matters, providing assistance to establish the first ever computer security evaluation facilities and evaluation criteria, and is a co-author of the original ISMS standard, BS 7799 Part 2.
He is now an active member of the UK delegation to ISO JTC 1 SC27 WG1, which is responsible for the ISO 27000 family of standards, and is co-editor for the revision of ISO/IEC 27004 (Measurements). He is well known for his work in rolling out ISO/IEC 27001 to the whole of the Civil Service in Mauritius, which is an exemplar of both his ISMS implementation methodology and his ability to train people to train others.
Introduction - Preface; What this book is about; How to use this book; Benefits
Chapter 1 - The new ISO management system requirements; Introduction; Motivation; High level structure; Identical core text; Deviations; Discipline-specific text
Chapter 2 - Management system concepts; Introduction; Definitions; What is a management system?; Understanding management system standards; Evolution of management system concepts; Principles of a management system; Integrated management systems
Chapter 3 - Understanding the new requirements; Introduction; Whatever happened to PDCA?; Scope, organisation and context; Policy and objectives; Risks and opportunities; Operation; Performance evaluation and action; Management and support; Discipline-specific requirements; Implementation guidance
Chapter 4 - Transitioning to the new ISMS standard; Introduction; Transition strategies; Integrated management system considerations; Areas requiring little or no change; Areas that potentially require a rethink; New requirements likely to be satisfied already; New requirements that may present a challenge; Areas where an organisation may take the opportunity to improve