ISO 27001:2013 Standard FAQs

IT Governance consultants can advise you on the nature of the changes to ISO 27001 and what to do to prepare for certification audits.

For example, the ISO 27001:2013 standard puts more emphasis on measuring and evaluating how well an organisation's ISMS is performing. There is also a new section that emphasises the consideration to be given to outsourcing, reflecting the fact that many organisations rely on third parties to provide some aspects of their service or product.

We can help you to find the best way to address these and other changes, whether you are already an experienced ISO 27001 project manager, or just starting the scoping process for your first ISMS.

What are the main changes that you need to take account of?

  • The revised standard has been written using the new high-level structure (Annex SL), which is common to all new management systems standards. This makes integration straightforward when implementing more than one management system, such as an ISMS alongside an ISO 9001 quality management system.
  • Terminology has been changed and some definitions have been removed or relocated.
  • Risk assessment requirements have been aligned with ISO 31000, moving away from mandating an asset-based approach; any method that produces consistent, valid and comparable results is acceptable.
  • Management commitment requirements have a focus on 'leadership'.
  • The separate requirement for preventive action has been removed; it is now addressed through the risk assessment and risk treatment requirements.
  • The control selection process has changed, offering the benefit of greater flexibility: controls may be taken from any source, with Annex A used as a check that no necessary controls have been overlooked.
  • Controls in Annex A have been modified. Some specific controls have been added, offering a greater focus on areas such as security in project management and through supplier relationships.
  • There is a greater emphasis on setting objectives, monitoring performance, and metrics.

Click on the links below for detailed answers to the questions we are most often asked.

  • Why has the ISO 27001:2005 standard been withdrawn and a new standard published?
  • Does this mean that we can no longer get independent assessment and secure ISO 27001:2005 accredited certification for our ISMS?
  • Can our organisation be issued with an ISO 27001:2013 certificate now, or do we have to wait for further developments?
  • What about surveillance visits: will we have to be assessed against the ISO 27001:2013 standard?
  • Where can I get hold of the new ISO 27001:2013 standard?
  • What are the benefits of ISO 27001:2013 certification?
  • What can IT Governance do to help us gain ISO 27001:2013 certification as quickly as possible?
  • We know a great many professional services firms that offer consultancy in compliance. What makes IT Governance different, and why should we use your services to implement ISO 27001:2013?

Please email us or telephone +44 845 070 1750 today to speak to one of our consultancy team and arrange your ISO 27001:2013 Health Check or get a quote for our consultancy services.