Wednesday, July 2, 2014



The ISO standard for the management of information security, ISO27001, has since its release in 2005 become one of the best-known standards in its field and is now widely adopted by the industry. Over the years, however, some criticism of the standard arose, especially in the area of flexibility. It could be difficult to implement for small organizations and for large organizations with existing, alternative standards. Additionally, new structures and new risks have arisen over the last 8 years. Work has therefore been under way on a new version of the standard, which was officially launched on September 25, 2013: ISO27001:2013.

Use existing controls
The ISO27001 standard consists of two main parts: a management section, which drives the process of information security in the broad sense, and an action mechanism, in which the individual risks are addressed through so-called controls.
The new version of the standard still contains two main parts, but has become more flexible in this respect. Where the old standard required the supplied controls (called Annex A), these became optional in the new version. The controls in Annex A are strongly recommended, and there must be good reasons for not using them.
This change means that existing controls can be used. This is good both for large companies that have already implemented a full control set from another standard and for small businesses that have already taken measures to cover specific risks and wish to continue using these measures. Smaller parties can then supplement these existing measures with controls from the standard.

Flexible risk
Before the controls can be implemented, a substantial risk analysis must be performed according to the ISO27001 framework. In the new version of the standard it is allowed to identify risks directly and to define measures for them, without having to analyze risk, vulnerability and impact for an asset.
This change makes the standard much more useful, especially for smaller organizations, which often have a good idea of the risks involved and the relevant measures, but for which a very comprehensive analysis process is impracticable.

Modern controls
Annex A, the measures section, has also been overhauled in the new version. The old version had 133 controls in 11 groups; the new version has 114 controls in 14 groups. Fewer controls does not mean less control; the focus has only shifted. The focus of the controls is now on monitoring the chain of information, rather than on individual components. There is now more focus on, for example, the secure development and acquisition of software and security services purchased from third parties.

Separate standard for Business Continuity
The last change is the way the standard looks at business continuity: the old standard required a number of measures to ensure a baseline in every case, whereas the new standard sets a generic requirement for the organization of business continuity but leaves organizations free to arrange this at their own discretion. This change also encourages the adoption of ISO22301, a standard which focuses specifically on Business Continuity.

Implementation process ISO27001:2013
When a new version of an ISO standard is introduced, certifications against the old version remain valid for another 2 years. For ISO27001:2005, this means that it may be used until September 25, 2015; after that, organizations should have switched to ISO27001:2013.
Since the new version of the standard introduces a requirement to describe the business processes, it is recommended to use ISO22301 Business Continuity Management for this. This standard is expected to become increasingly a requirement in tender processes over the next two years. For a provider to prepare properly for future customer needs, it is important to implement the new ISO27001 quickly and to take a serious look at ISO22301 for Business Continuity.