How will the release of ISO/IEC 27001:2013 affect you if your organisation is already certified?

I attended our Cyber Security event in Cambridge at the Hauser Forum on 24 September 2013. During this event the delegates who attended, including myself, benefited from industry experts sharing their knowledge and experience in the field of cyber security.

One of the talks during the event was presented by IT Governance’s very own director of training and consultancy, Steve Watkins. Steve gave a talk about the challenges posed by cyber security issues and gave an overview of the standards and methodologies that could be employed to address these issues. Steve presented some insightful information on the new version of ISO/IEC 27001. Following Steve’s presentation he held a question and answer session, and one question kept recurring: ‘How will the release of the new version of the standard affect us if we are already certified?’

Steve answered this question quite simply; here I seek to answer that question for the benefit of our Web audience.

Organisations that are already certified against the 2005 edition of ISO/IEC 27001 will need to upgrade their Information Security Management Systems (ISMS) to align with ISO/IEC 27001:2013. There will be a transition period of two to three years, during which organisations certified against the 2005 version of the standard will be expected to upgrade their ISMS, though the length of this period has yet to be formally agreed.

At the end of the transition period only organisations that have a certificate that states their ISMS conforms to the requirements in ISO/IEC 27001:2013 will be able to state they are ISO/IEC 27001-certified.

Purchase ISO/IEC 27001:2013 and ISO/IEC 27002:2013 together from the IT Governance Webshop.