IT Compliance and Controls

Converging Business, Information, and Controls


Upcoming changes to ISO 27001:2005 and the ISMS Gold standard

January 28th, 2011 · No Comments

Many organizations around the world rely upon the ISO 27001 standard as the premier method of structuring and governing their information security operations.  As the world changes, so too must the standards.  The latest draft (the standard is currently in its fourth working stage) highlights a few interesting improvements.  More can be read here by Bil.  The two that jumped out at me, and that most global organizations should take up internally, are:

  1. Risk Treatment – Expanded and aligned with ISO 31000, the ISO risk management standard.  Most have not heard of this ‘other’ ISO standard, but I would encourage at least a brief reading of it here.  I have found the risk treatment section to be massively beneficial to companies that have a functioning ISMS, so expanding it and aligning it with 31000 has important implications.
  2. Loss of the Statement of Applicability – I must say I am sad to see this go, as I am a big proponent of aligning and rationalizing the controls within an environment.  The smart money, though, says the good will still exist, only in a different form.

Thoughts and opinions on ISO 27001 and 31000?

James DeLuccia

Tags: Uncategorized
