Seen the new ISO 27000 and ISO 27002?

Update 06/04/2017:
Further to the post below sharing news of the publication of BS EN ISO/IEC 27000:2017 and BS EN ISO/IEC 27002:2017, BSI have also published BS EN ISO/IEC 27001:2017. The change in this third corrigendum is described in the amendments table as follows:

31 March 2017: This corrigendum renumbers BS ISO/IEC 27001:2013 as BS EN ISO/IEC 27001:2017

This change relates to the same ‘EN status’ change as for BS EN ISO 27000 and BS EN ISO 27002 – see below for further information.

This change has no effect on IT Governance clients that hold ISO/IEC 27001:2013 accredited certification – certification bodies are normally accredited for services related to the international version of the standard and hence certification body auditors and accredited certificates of conformity should continue to reference ISO/IEC 27001:2013.

You may have noticed that earlier this month the British Standards Institution (BSI) issued two new documents:

  • BS EN ISO 27000:2017
  • BS EN ISO 27002:2017

These two documents reflect the national adoption of the international standards ISO/IEC 27000:2016 and ISO/IEC 27002:2013 being re-referenced to reflect their new ‘EN’ status.

‘EN’ reflects their status as European Standards (ENs) and the year has been updated according to the documents’ release date.

EN status

European Standards are documents that have been ratified by one of the three European Standardisation Organisations (ESOs):

  • European Committee for Standardization (CEN)
  • European Committee for Electrotechnical Standardization (CENELEC)
  • European Telecommunications Standards Institute (ETSI)

These three bodies are recognised as competent in the area of voluntary technical standardisation. The European Union Regulation 1025/2012, which settles the legal framework for standardisation, has been adopted by the European Parliament and the Council of the EU.

The EN status means that each of the 34 member countries of CEN–CENELEC has to adopt the Standard at a national level and withdraw any conflicting standard(s). Therefore, any European Standard automatically becomes a national standard in each CEN–CENELEC member country.

No change to content

Because there is no change to the actual content of these standards, they will continue to be referenced internationally as ISO/IEC 27000:2016 and ISO/IEC 27002:2013, respectively, until updates are published.
