New Paradigm Consulting - The Fresh Approach

Information Security Management

ISO 27001:2013

22 April 2014

What is ISO 27001:2013?

ISO 27001:2013 is an internationally recognised standard that lays out the requirements an organisation must meet to demonstrate that its information is managed within a framework committed to continually reviewing and improving the security of that information, in line with the Data Protection Act 1998. This framework is commonly referred to as an information security management system (ISMS). Because ISO 27001:2013 is internationally recognised, most information security management systems are based on its requirements.

The standard focuses on how your organisation:

  • Controls important documentation and records,
  • Manages the assets through which important information can be accessed,
  • Manages information security processes in line with the three key principles of information security: confidentiality, integrity and availability,
  • Manages risks to information security,
  • Reviews internal processes and problems,
  • Manages its commitment to continual improvement of the ISMS.

New Paradigm Consulting specialises in streamlining management systems, and here is a tip to reduce some of the administration associated with meeting the requirements of ISO 27001:2013.

Many organisations that have already implemented an Information Security Management System certified against ISO 27001:2005 will be aware that the standard was updated and published on the 25th of September 2013. Those organisations will be subject to a new set of audit criteria once the transition period (to be decided) ends. After the transition period has been completed, they will be audited against the requirements of ISO 27001:2013.

Until the transition period has been completed, organisations can still be audited against the requirements of ISO 27001:2005, but in the meantime it would be sensible to begin updating your system to meet the requirements of the updated standard.

Those organisations will be pleased to know that instead of having to demonstrate compliance with the 133 information security controls detailed in ISO 27001:2005, they will have to demonstrate compliance with 114 controls. Some controls have been removed altogether (e.g. A.11.6.2), whilst others have been amalgamated (e.g. A.10.10.1, A.10.10.2 and A.10.10.5 have become A.12.4.1). This is an opportunity to amalgamate some policies and processes and so reduce the administration required to maintain the system.

The standard itself has been restructured into a 10-clause standard, reflecting the new structure that will be applied to future versions of ISO 9001 and ISO 14001 (currently being updated).

Please contact New Paradigm Consulting if you wish to begin this transition and we can discuss other opportunities for streamlining your information security management system with the emphasis on reducing the effort required to manage it.

Please contact us if you wish to implement a management system compliant with ISO 27001:2013 within your organisation.
