- Published by
- Publication Date: 1 October 2013
- Publisher's Ref: BS ISO/IEC 27001:2013
- Loose Leaf with Binder
- 34 pages
- A4 (210 x 297 mm)
This internationally acclaimed standard for information security management has been revised. Since their conception in the early 1990s, globally recognized standards in Information Security have grown in rigor and recognition. So have information security threats and the best ways to manage them.
To reflect current best practice, BS ISO/IEC 27001:2013 provides specific recommendations to help you establish your own Information Security Management System (ISMS), monitor its performance and implement improvements where necessary.
The new standard is written using the high-level structure that will be common to all new management system standards. This will allow easier integration when implementing more than one management system within your organization.
BS ISO/IEC 27001:2013 is less prescriptive, allowing greater flexibility on how requirements are satisfied, thereby giving organizations greater freedom to implement requirements in a manner best suited to them.
The document allows you to see where you can simplify your current information security management practices or adopt new practices that are more natural to the needs and culture of your organization. If you are introducing an information security management system for the first time, the new standard ensures you are following today's best practice from the start.
BS ISO/IEC 27001:2013 requirements can be used to prepare your organization for third-party audits and certification purposes.
Taking into account the experiences of users who have implemented or sought certification to ISO/IEC 27001:2005, the new standard offers a more flexible, streamlined approach intended to ensure more effective risk management.
A number of changes to the security controls listed in Annex A have been made to ensure the standard is current and consistent with the new BS ISO/IEC 27002:2013.