From accidental unauthorized access to downright espionage: information security threats are brought to our attention via the media all the time. The new version of ISO 27001, which ISO has just published, aims to identify corporate information security risks, analyze them and make them controllable through suitable measures.
What has changed with this new version?
In its blog post about the new standard, ISO focuses on the improvements that adapt the security controls to modern-day threats. Of course, the new standard also incorporates the high-level structure, which makes it easier to integrate with other management systems.
All in all, the number of changes and their consequences are manageable. To give an example: the new ISO 27001:2013 has only 113 controls instead of the previous 133. Contrary to what you may think, this does not necessarily mean less work for companies implementing the standard, because at the same time some requirements that were previously less important have gained influence.
Can I offer the new version of the standard to my customers already?
DQS GmbH and all DQS UL offices working under its accreditation can immediately offer the newest :2013 version of the standard, keeping the following in mind:
- Auditors will need training to learn about the new requirements in the :2013 version.
- Customers with valid certificates can change to the new standard quite easily, via a delta audit. This means that an extra day of system analysis and an extra day on-site will be necessary.
- This delta audit can take place at any time during the audit cycle, during re-certification audits as well as during advancement assessments. If it takes place during the advancement assessment, the new certificate for ISO 27001:2013 will have the same period of validity as the old one.
Counting from the date of publication (1st of October 2013), customers will probably have 18 months’ time to change to the new standard. After these 18 months, certificates according to ISO 27001:2005 would then no longer be valid.
Support for DQS UL customers and other interested parties in this transition phase
As with any standard revision, companies that are in the transition phase towards the new ISO 27001:2013 will be looking for support. DQS UL offices can support them in a number of ways. With local ISO 27001 experts, one could offer webinars, workshops or information sessions. Many customers will appreciate offers for gap analyses or pre-audits at their company.
Any questions regarding the new standard?
Call us now at +603 3342 3259 or send us an email at firstname.lastname@example.org.