ISO/IEC 27001 2013 and ISO/IEC 27002 2013 Standards
The newest (2013) version of the international standard for information security management systems (ISMS’).
Looking for the 2017 version? Please be aware that the international standard is still the 2013 version. Some suppliers have republished country-specific versions of ISO 27001 (labelled ISO 27001:2017), which include additional corrigenda that were released after the 2013 publication date. These corrigenda are freely available from the ISO website for those who purchased the original version. They are also supplied by IT Governance when you purchase this standard.
Cyber security is an understandable concern for any organisation, but an effective Information Security Management System (ISMS) can significantly reduce the risk of exposure to security breaches which an organisation faces.
Standards included here are ISO/IEC 27001:2013 and ISO/IEC 27002:2013.
- ISO/IEC 27001:2013 is the new international Standard which details the requirements for an ISMS.
- ISO/IEC 27002:2013 is the new international Standard which supports the implementation of an ISMS based on the requirements of ISO27001.
If you are implementing or thinking about implementing an ISMS, you need both of these standards as your principle point of reference. ISO 27001 is the only security Standard that takes an integrated approach to information security, addressing the three essential facets of cyber security (people, processes and technology) in a single cohesive strategy. With the new, 2013, version, implementation has never been easier.
Why is ISO 27001:2013 easier to implement than the previous version?
- The asset-based risk assessment approach is no longer a requirement: any form of risk assessment can be applied.
- Any set of control frameworks can be used; mapping can be done back to the controls in Annex A once organisational compliance obligations have been met.
- The new standard is more accommodating in respect of recognising that different organisations have different risk appetites and businesses drivers.
- Any form of continual improvement methodology can be applied to ensure that adequate measures and controls are maintained.
- The new standard is able to integrate with other management system frameworks, making it easier for organisations aligning to more than one standard.
- The standard is better suited to the governance environment of a larger organisation than the previous version.
Please note that two Technical Corrigenda have been issued since ISO/IEC 27001:2013 was published. These can be downloaded free of charge direct from ISO via the following links: