ISO 27002 and 27001 InfoSec Management System ********* The big news is that both ISO 27001 and ISO 27001 have been overhauled and updated. New releases have been launched by ISO in the last two weeks. The changes are significant. ISO 27001: 2013 The layout of the new release is significantly different. There are no duplicate requirements, and the demands are less prescriptive, giving organisations greater freedom of implementation. The new standard: Context Of The Organization; Information Security Leadership; Planning An ISMS; Support; Operation; Performance Evaluation; Improvement ISO 27002: 2013 There are now only 114 controls (down from 133), in 14 sections rather than 11. Significantly, the section on risk assessment and risk treatment has been deleted. *** *** Related Risk Topics would be included in ISO 31000 *** This is similar to the new release of ISO 9001 _______________________________________ This is a news bulletin from the Yahoo ISO 27001 Support Group: groups.yahoo/neo/groups/iso-27001/conversations/messages Dated: Oct 10, 2013.
Posted on: Wed, 09 Oct 2013 17:27:39 +0000