Yellow font on Black background Black font on White background Black font on Cream background
Call us today 01621 857841 or Email us
Quality Matters Logo

"Quality Matters in your Business"

Tuesday, 1 November 2011

ISO/IEC 27001 Information Security Management

This Standard was last updated in 2005 along with the code of Practice ISO/IEC 27002 and is currently being reviewed and updated by JTC1/SC27, the ISO/IEC Committee responsible for these Standards.

The planned publication is sometime in 2012 although it had been previously been muted as 2011.

Readers of this blog may  remember that ISO 19011 (Quality/Environmental Auditing Standard Update) was to have been published in June 2011 however,  the final draft for public comment was so badly received that the proposed Standard was withdrawn in total and it was sent back to the 'drawing board'.

The 27001/27002 Standards have reached final committee stage, which is usually the precursor to a final draft for public comment.  There have been few details about the update but here are the ones that have been discussed:

  • No major changes to the Standard are envisaged as it is essential that full backwards compatibility is maintained.
  • All management Standards are adopting a common structure and terminology.  It is reasonable to assume that the Information Security Standards will follow this trend.
  • The part that has raised some eyebrows across the world concerns the Statement of Applicability which may be dropped from the 2012 Standard.  If this is the case then something will have to be put in its place, otherwise organisations would be able to claim conformity to ISO27001 without meeting all aspects of it.  The Statement of Applicability has up to now detailed the extent that the organisation has achieved compliance.   It could be that the level of compliance will have to be stated within the 'Scope' instead.
  • Most of the Management Standards  use the PDCA model (Plan-Do-Check-Act) as a tool to achieve  continual improvement.  It has been suggested that the PDCA should not be explicitly detailed in the updated ISMS Standards;  a move that has not been universally welcomed.
We will have to see what, if any of these elements will see the light of day and of course, when.

It is always useful to keep up to date with developments and for that reason I have posted these details.

No comments:

Quality Matters

P.O.Box 5479
Maldon
Essex
CM9 8GG
England

T: 01621 857841
F: 01621 856016
M: 07702 193788

© 2015 Quality Matters Ltd. All rights reserved. Responsive Design