Making excellence a habit
The internationally acclaimed standard for information security management (ISO/IEC 27001) and accompanying ISO/IEC 27002, ‘Code of practice for information security management controls’ have been revised.
Following the publication of an initial draft international standard (DIS) and extensive public consultation, both ISO/IEC 27001 and ISO/IEC 27002 have passed their final draft standard (FDIS) ballots and proceeded to final publication.
The current standard is still valid and you can still get certified against it.
If you are close to implementing your ISO/IEC 27001 management system we can assess you against the ISO/IEC 27001:2005 standard, as long as your visits are completed within the next 12 months. We can then work with you to complete your transition to the new ISO/IEC 27001:2013 version during your continual assessment visits.
If you are still in the very early stages of adopting ISO/IEC 27001, or unlikely to be able to go through the assessment visits within the next 12 months, we would recommend that you work towards certification against ISO/IEC 27001:2013.
We are here to make sure that as an existing ISO/IEC 27001:2005 certification customer you have all the information and tools that you need to understand the changes to the standard. We will work with you to transition over the next two years as part of your planned certification surveillance visits.
A free transition guide is available, giving you an overview of the main differences and proving pointers on key aspects you should consider.