ISO/IEC 27001 Information Security Management
Submit Articles Back to Articles
Standard was last updated in 2005 along with the code of Practice
ISO/IEC 27002 and is currently being reviewed and updated by JTC1/SC27,
the ISO/IEC Committee responsible for these Standards.
publication is sometime in 2012 although it had been previously been
muted as 2011.
Readers of this blog may remember that ISO 19011 (Quality/Environmental
Auditing Standard Update) was to have been published in June 2011
however, the final draft for public comment was so badly received that
the proposed Standard was withdrawn in total and it was sent back to
the 'drawing board'.
The 27001/27002 Standards have reached final committee stage, which is
usually the precursor to a final draft for public comment. There have
been few details about the update but here are the ones that have been
We will have to see what, if any of these elements will see the light
of day and of course, when.
- No major changes to the Standard are envisaged as it is
essential that full backwards compatibility is maintained.
- All management Standards are adopting a common structure
and terminology. It is reasonable to assume that the Information
Security Standards will follow this trend.
- The part that has raised some eyebrows across the world
concerns the Statement of Applicability which may be dropped from the
2012 Standard. If this is the case then something will have to be put
in its place, otherwise organisations would be able to claim conformity
to ISO27001 without meeting all aspects of it. The Statement of
Applicability has up to now detailed the extent that the organisation
has achieved compliance. It could be that the level of compliance will
have to be stated within the 'Scope' instead.
- Most of the Management Standards use the PDCA model
(Plan-Do-Check-Act) as a tool to achieve continual improvement. It has
been suggested that the PDCA should not be explicitly detailed in the
updated ISMS Standards; a move that has not been universally welcomed.
It is always useful to keep up to date with developments and
reason I have posted these details.
About the Author
Chris Eden FIBC, MISSA, ACQI is a director of Quality
Limited an established independent management consultancy based in
Essex, UK which specialises in ISO27001 Information Security
Follow us @Scopulus_News
Article Published/Sorted/Amended on Scopulus 2012-01-23 11:21:36 in Computer Articles