ISO 27001:2013 specifies the requirements for establishing, implementing, maintaining and improving an information security management system (ISMS).
There are now more than 17,000 registrations worldwide and revisions to the standard have taken into account the practical experience of organisations using it. The changes were influenced by the ISO requirement that all new and revised management system standards must conform to the high level structure and identical core text defined in Annex SL to Part 1 of the ISO/IEC Directives and a decision to align the standard with the principles of ISO 31000 (risk management).
Revisions to the standard have placed greater emphasis on setting objectives, monitoring performance and metrics and a requirement for management commitment requirements to focus on leadership.
Certification International’s managing director John Pymer comments: “Receiving accreditation for the latest information security management system ensures we provide clients with a high quality service. Assessing companies to the latest standards not only benefits our clients but plays a key role in our business strategy. By placing Certification International as a leader in the certification industry it will help us grow, not only in the UK but on a global scale.
“ISO 27001:2013 is an important standard for all companies, whatever their size or sector. It’s vital for companies to underline their responsible practices through the achievement of such a well recognised standard. Certification International’s experience means we can partner with companies looking to implement operations which allow them to integrate the latest information security management systems into their business.”
Certification International will be working closely with all their clients to ensure they are assessed against the new requirements at their next scheduled visit to achieve transition by the deadline of 1st October 2015.
Certification International’s UK Business Manager Emma Fawcett-Jones comments: “Clients who are already certified to ISO 27001:2005 will have to transition to the new standard before July 2015, and there are two ways to achieve this. The first is to prepare themselves ready for the transition review at the next surveillance or reassessment audit that is due in their schedule before the transition date. Clients who choose this option will have to complete a transition review checklist and provide it before the audit date for the auditor to review. The second option is to undergo a separate transition review audit. In order to help clients through the transition we have published guidance and a checklist to send to all of our clients who have achieved the out-going standard so they have time to prepare themselves for the change.”