ISO/IEC 27001 Information Security Management
This Standard was last updated in 2005, along with its companion Code of Practice ISO/IEC 27002, and is currently being reviewed and updated by JTC1/SC27, the ISO/IEC committee responsible for these Standards. Publication is now planned for sometime in 2012, although it had previously been mooted for 2011.
Readers of this blog may remember that ISO 19011 (the Quality/Environmental Auditing Standard update) was to have been published in June 2011; however, the final draft for public comment was so badly received that the proposed Standard was withdrawn in its entirety and sent back to the 'drawing board'.
The 27001/27002 Standards have reached final committee stage, which is usually the precursor to a final draft for public comment. Few details about the update have been released, but here are the ones that have been discussed:
- No major changes to the Standard are envisaged, as it is essential that full backwards compatibility is maintained.
- All management Standards are adopting a common structure and terminology. It is reasonable to assume that the Information Security Standards will follow this trend.
- The part that has raised some eyebrows across the world concerns the Statement of Applicability, which may be dropped from the 2012 Standard. If this is the case then something will have to be put in its place; otherwise organisations would be able to claim conformity to ISO27001 without meeting all aspects of it. The Statement of Applicability has up to now recorded which controls the organisation has adopted and which it has excluded (and why), and so detailed the extent to which the organisation has achieved compliance. It could be that the level of compliance will have to be stated within the 'Scope' instead.
- Most of the Management Standards use the PDCA model (Plan-Do-Check-Act) as a tool to achieve continual improvement. It has been suggested that PDCA should not be explicitly detailed in the updated ISMS Standard, a move that has not been universally welcomed.
We will have to see which, if any, of these elements see the light of day and, of course, when.
It is always useful to keep up to date with developments, and for that reason I have posted these details.
About the Author: Chris Eden FIBC, MISSA, ACQI is a director of Quality Matters Limited, an established independent management consultancy based in Essex, UK, which specialises in ISO27001 Information Security Management consultancy.
Article Published/Sorted/Amended on Scopulus 2012-01-23 11:21:36 in Computer Articles
Copyright © 2004 - 2012 Scopulus Limited. All rights reserved.