Print this Page

ISO 27001

ISO 27001: 2013. The new version of the international standard

25.09.2013 – International Organization for Standardization has published a new version of ISO / IEC 27001: 2013

September 25, 2013 published a new version of the International Standard ISO / IEC 27001: 2013.

Official name:

  • ISO / IEC 27001: 2013. Information technology – Security techniques – Information security management systems – Requirements.

The new version of the standard includes the following sections:

1. Scope

2. Normative references

3. Terms and definitions

4. The context of the organization

4.1. Understanding the organization and its context

4.2. Understanding the needs and expectations of stakeholders

4.3. Defining the scope of information security management system

4.4. Information Security Management System

5. Guide

5.1. Leadership and commitment

5.2. Policy

5.3. Roles, responsibilities and powers of the organization

6. Planning

6.1. Actions to study the risks and opportunities

6.2. The objectives of information security and planning to achieve them

7. Support

7.1. Resources

7.2. Competence

7.3. Awareness

7.4. Communication

7.5. Documented information

8. Operation

8.1. Operational planning and management

8.2. Information security risk assessment

8.3. Processing of information security risks

9. Evaluation

9.1. Monitoring, measurement, analysis and evaluation

9.2. Internal audit

9.3. Management review

10. Improvement

10.1. Non-compliance and corrective action

10.2. Continuous improvement

Thus, the structure of the new version of the standard is identical to the structure of the management system standards, which significantly facilitates the integration of the standard with other management system standards. In this standard process of evaluation and processing of information security risks is consistent with the principles and guidelines presented in ISO 31000

Chairman of the working group that developed the standard and accompanying Edward Humphries explains: “We have made a number of improvements in security controls listed in Annex A to the standard meets the requirements of modern times and risks such as identity theft, threats for mobile devices and other network vulnerability.

Permanent link to this article:

  • RSS
  • LinkedIn
Return to Top ▲Return to Top ▲