ISO 27001

ISO 27001:2013 Information technology – Security techniques – Information security management systems – Requirements is an information security standard that specifies the requirements for a management system. As of July 2013 it is at the Final Draft International Standard (FDIS) stage, the last step before publication.

Organisations can demonstrate that their ISMS (Information Security Management System) conforms to ISO 27001 by being audited and certified by a certification body accredited by JAS-ANZ. Note the distinction: JAS-ANZ accredits the certification body, and the certification body certifies the organisation.

The structure of the ISO 27000 series mirrors other recent management system standards such as ISO 22301 (business continuity management), ISO 9000 and ISO 20000, which helps organisations that aim to comply with more than one standard at once.

Changes from the 2005 standard include:

  • more emphasis on measuring and evaluating how well an organisation’s ISMS is performing,
  • a new section on outsourcing, reflecting how commonly organisations now rely on third parties for IT services,
  • less emphasis on the PDCA cycle,
  • extra focus on the organisational context of information security,
  • changes to risk assessment requirements.

The current version, AS/NZS ISO/IEC 27001:2006 Information technology – Security techniques – Information security management systems – Requirements, can be obtained here: http://infostore.saiglobal.com/store/Details.aspx?ProductID=394887

The final draft of the 2013 revision, ISO/IEC FDIS 27001 Information technology – Security techniques – Information security management systems – Requirements, is available here: http://infostore.saiglobal.com/store/Details.aspx?ProductID=1639027