With the release of the 2013 edition of ISO/IEC 27001, ISO and IEC have published a standard that is very different from the 2005 edition. There is plenty of waffle on the Internet about what is and is not in the new standard, and many people are looking for answers to the common questions that arise, such as:
What are the key differences between the 2005 and 2013 editions of ISO/IEC 27001?
How do we transition our ISMS to be compliant with the new standard?
What does the release of the new standard actually mean for us?
Where should organisations looking to become certified against ISO/IEC 27001 start?
There are also many other questions besides these, all of them very valid.
But where do you get the answers to these and other questions?
It would be advisable to read both ISO/IEC 27001:2013 and ISO/IEC 27002:2013 as a starter. Only by first reading the two key ISMS standards can you really start to formulate and contextualise the information held within and its implications for you and your organisation.
If you are looking for a basic overview and implementation guide to ISO/IEC 27001:2013, An Introduction to ISO/IEC 27001:2013 is an ideal place to start. It provides a summary of the new standard, gives basic and practical implementation guidance, and shares a simple, business-friendly risk assessment/risk treatment method that organisations will find useful now that risk assessment methods other than the asset-based approach detailed in ISO/IEC 27005 can be employed.
Talk to industry experts
Having read both of the standards and the introductory guide above, we would also suggest that talking to industry experts is a good way to get answers to your questions on ISO/IEC 27001:2013. IT Governance, as part of our ongoing series of events, is hosting an event titled The transition to ISO27001:2013 – Preparing for the Change on 23 October in Farnborough in the UK. Our very own ISMS experts, Alan Calder and Steve Watkins, will be presenting at the event. Alan and Steve led the first implementation of ISO/IEC 27001 anywhere in the world and co-authored IT Governance: An International Guide, the de facto implementation guide for the standard.
Get the answers to your ISO/IEC 27001 questions from Alan and Steve!