By now nearly everyone in the industry knows about the ISO/IEC 27001:2013 standard and its supporting Code of Practice, ISO/IEC 27002:2013. Both were developed through consensus of the international community, with a membership of over 47 national standards bodies. ISO/IEC 27001 is one of the fastest-growing management system standards in use around the globe.
According to the International Organization for Standardization’s ISO Survey 2012, by the end of 2012 the number of accredited ISO/IEC 27001:2005 certificates issued worldwide had nearly reached 20,000 in total, across 100 countries. Since 2006 the number of certificates issued has increased by double digits each year, with the 2009 jump of 40% over 2008 being the largest year-over-year increase.
The transition period has begun, yet many organizations haven’t started thinking about or planning for the new standard, since their existing certification is still valid. If your existing certificate expires after September 25th, 2015, you will be verified for compliance against the revision. If your certificate expires prior to September 25th, 2015, then you must upgrade to the revised standard and demonstrate compliance with it for certification. We have put together a top 5 summary of the changes in the revision:
One important improvement is that the revised standard is much easier for small organizations to comply with. The changes also take into account the tendency of small organizations to rely on third-party vendors in order to operate at a larger scale. One thing small to medium organizations often lack is the resources to hire outside consultants to aid in the ISMS procedure updates the revised standard requires for re-certification. Here are a few simple best practices we have been prescribing to our clients as we begin assisting with the process of updating ISMS risk management procedures and documents:
We are interested in your comments and best practices to share with others beginning the process of re-certification against the ISO/IEC 27001:2013 revision. You can reach us at email@example.com or post your comments below. RM Studio has been assisting SMEs on a global scale to certify against and maintain compliance with ISO 27001 since 2005.