What are the Significant Changes in ISO 27001 New Standard?
ISO Has delivered a new form of data security, the executive’s standard ISO 27001, in September 2013. Supporting rule ISO IEC 27002 has likewise refreshed. All associations previously guaranteed under ISO IEC 27001:2005 need to progress to the new form by October 2015. What are the significant changes in ISO 27001 new standard?
Since, the successful utilization of these guidelines can assist organizations with accomplishing rehearses in data security, keep away from re-designing security controls, streamline the utilization of scant assets, and lessen the significant security risk like loss of restrictive data, hacking of organization, the spread of malware, information bargain and disappointments of specialist co-ops to comprehend and meet client prerequisites; as a matter of fact.
Expanded scope of security danger to incorporate enterprise risk assessment. This will empower associations to utilize it for their Governance, Risk and Compliance (GRC) program. This is a significant alter towards a correct course. This has additionally improved on documentation necessities by and large by supplanting the word documented method” with recorded data.”
Since the new standard has improved on the rundown of controls in Annexure A by diminishing the number of rules from 133 to 114. In any case; the extent of utilization of the rules has altogether extended.
A Portion of the Significant Changes in the Controls Are
- Consideration of System designing and undertaking the board: New controls added to address data security in the venture the executives (A.6.1.5), Secure improvement strategy (A.14.2.1), Secure framework designing standards (A.14.2.5)
- Cell phone strategy (A.6.2.1): This addresses the expanding utilization of cell phones in data handling and utilization of personal gadgets to get to hierarchical data resources.
- System security testing (A.14.2.8): data preparing frameworks should be tried for their consistency to security prerequisites. This testing is notwithstanding the regular framework acknowledgement test led after System
- A significant number of progressions will better adjust security destinations to business objectives and goals. That arrangement will help everybody across the entire association to all the more likely appreciate the significance of data security to the organization’s supportability, reasonability and reputation.
- Investigation and Maintenance of offices
- The executives of Critical frameworks
- Work Control, Permit to Work and Task Risk Management
- Contractor/Vendor Selection and Management
- Incident Reporting and Investigation
- Review, Assurance and Management System audit and Intervention