ISO Standards Update – LRQA looks at the revisions to information security standard ISO/IEC 27001

A lot has changed in the world of IT since the information security management system standard, ISO 27001, was first published in 2005. The standard is now being reviewed as part of the overall ISO revision process currently underway, to ensure it appropriately supports current information security systems.

This year the new version of ISO 27001 has been through the first formal draft (DIS) and public comment stage. The development committee approved the Final Draft International Standard (FDIS) in May 2013 and it has now been released for public review. The ISO committee, ISO/IEC JTC 1/SC 27, currently plans to publish the final version of ISO 27001 in October/November 2013.

The changes to ISO 27001

The FDIS published in May 2013 has been used as the basis for describing the changes to ISO 27001 and how they will affect an information security management system (ISMS) that uses the standard to support information security policy. There are two main areas of revision: first, the high-level structure for management system standards based on Annex SL; and second, the promotion of the risk management standard, ISO 31000.

LRQA’s technical experts have developed a white paper highlighting the changes to ISO 27001 and what these mean for organisations that have implemented, or are thinking of implementing, the standard to support their ISMS.