Friday 11 October 2013

The new ISO 27001 is out!
How to develop a Statement of Applicability

The 2013 editions of the widely used information security management standards, ISO 27001 and ISO 27002, were released a few weeks ago. It has been eight years since they were last updated, and the new versions contain a number of improvements that should interest companies that are considering ISO 27001 or already comply with it.

ISO 27001 describes the requirements for an Information Security Management System (ISMS). The requirements address the same topics as the previous version. The good news is that companies now have more freedom to choose how they will comply with them. More functionality, less form, as one of my colleagues put it.


Risk Management = Risk Assessment + Risk Treatment

Risk management is now an even more central part of your ISMS. It consists of two processes: a risk assessment process, in which you identify, analyse and evaluate your information security risks, and a risk treatment process, in which you decide how to handle each risk and select the controls needed to do so.
Road to SoA - and beyond

In the new ISO 27001 (and in the old standard as well), a key document is the Statement of Applicability, the SoA. What is new is how closely your SoA is tied to your risk treatment process. It is also new that your organisation has to identify risk owners for its risks. The risk owner's responsibility is to approve your risk treatment plan and to accept the residual risks that remain after treatment, i.e. to confirm that they fall within your risk tolerance, sometimes referred to as risk appetite.

Your SoA describes which controls are part of your ISMS. It is new that you have to justify both control inclusions and exclusions; the SoA must also state for each included control whether it has been implemented yet. That's a nice improvement to the standard. As the SoA is such a central document in your ISMS, Neupart has produced a free guide on how to prepare and maintain it most effectively.

DOWNLOAD How to develop an ISO 27001 Statement of Applicability. Registration is not needed.


PS! I have a few more ISO 27001 resources for you:

SecureAware ISMS-tool
Webinar on how to develop an SoA
Blog Post about how the new ISO 27001 affects your risk management

About the Author: Lars Neupart is founder of Neupart and wants you to know that SecureAware = efficient information security management. Get more of him on Twitter.


8 comments:

  1. This information is really helpful to me. Thanks for uploading. ISO 27001 lead auditor
  2. Thank you so much for this wonderful article really! ...
    ISO 27001 in Iraq

  3. Very Nice. This blog is very useful to me. Now I have clarified my doubts. Thanks for sharing the information. ISO Lead Auditor Course in Kuwait

  4. Thank you for sharing this unique and useful information with us. Really awesome work... Kosher Certification in Qatar
  5. Thank you for sharing this unique and useful information with us. Really awesome work.. ISO 27001 Certification in Qatar
  6. It is really very helpful for us and I have gathered some important information from this blog. ISO Courses in Oman

  7. This blog has proven highly beneficial, providing me with valuable insights and crucial information.
    ISO 27001 Lead Auditor Training
