The internationally acclaimed standard for information security management (ISO/IEC 27001) is currently being revised and is open for public consultation, along with the accompanying ISO 27002, ‘Code of practice for information security management’, in order to keep it relevant to the issues and challenges that companies face today.
ISO/IEC 27001 was first published in 2005 and a lot has changed in the world of information technology since then.
The draft standard has been written using the new high-level structure that is common to all new management system standards. This will allow easy integration when implementing more than one management system.
The draft of the revised standard can be found on BSI's Draft Review System where UK stakeholders can comment and make suggestions on the changes to help shape the final standard.
Other changes include some controls being deleted or re-worded and other requirements added.
What happens next?
The international committee will meet at the end of April to discuss all the comments.
The revised standard is expected to be published towards the end of 2013 and we will keep you updated on progress.