Penarth Management Limited
Call us on 029 2070 3328

ISO27001 has been updated!

11/10/2013

The revised version of ISO 27001, the Information Security Management System standard, has been published this month.

There have been a number of influences on the revision. The primary one is the practical experience of using the standard; there are now over 17,000 registrations worldwide. A further influence is an ISO requirement that all new and revised management system standards must conform to a high-level structure and identical core text, with a tendency to make all management system standards look the same. Finally, a decision was made to align ISO/IEC 27001 with the principles and guidance given in ISO 31000 (risk management). There are over fifteen alterations in the revised document, encompassing concepts, updates and annexes, making this document a major revision of the 2005 standard.

The main changes from the previous version include the following:

  • Change of content/layout to conform with the structure now defined for all future management system standards (Annex SL of ISO/IEC Directive) – (see ISO 22301 for an example). This change introduces a clause on Organisational Context and understanding the needs and expectations of interested parties.
  • Preventive action is replaced by “Actions to address risks and opportunities”.
  • Document and Records Control amalgamated into one clause.
  • Specific inclusion of Outsourcing – very important where the maintenance of IT services is contracted out, or where data is stored remotely by a third-party data centre (Cloud storage).
  • Emphasis increased regarding setting objectives and monitoring and measuring performance.

In addition, the content of Annex A – the extensive section on Control Objectives and Controls – has changed, with more sections but amalgamation of some controls. This will certainly require reviewing and updating any Statement of Applicability, as it covers these controls (or justifies any exclusions).

So although a lot of the changes are to the structure, there are also some significant differences in intent, emphasis and content which will require revision of existing ISO 27001 Information Management systems and a change of outlook for those intending to implement the standard in the future.

You can purchase a copy of the new Standard from us at a £15 discount by following this link www.penarth.co.uk/bsi-standards-shop.html


Penarth Management Limited
Alexandra Gate Business Centre, 2 Alexandra Gate, Ffordd Pengam, CARDIFF CF24 2SA
Tel: 029 2070 3328
Email: info@penarth.co.uk
