ISO:BREAK - ISO 27001 2005 to 2013 ISMS Mapping

November 20, 2013

It is common for organizations to refer to their ISMS as clauses 4 through 8. However, with the release of the newly revised 2013 version of ISO 27001, organizations will now have to refer to the ISMS requirements as clauses 4 through 10. That’s right - two additional clauses were added. This does not mean, however, that the addition of two clauses results in two additional components of an ISMS. Rather, the management system requirements within ISO 27001:2013 were reformatted so that they better resemble the requirement formatting of other ISO management system requirements.


To help organizations better understand how the requirements of the 2005 version of ISO 27001 relate to those of the 2013 version, the Schellman ISO team has compiled a brief mapping. It is important not to assume that the cross-references are a one-for-one transition. In fact, the requirements in ISO 27001:2013 resemble those of ISO 27001:2005, and an organization must fully understand the newly revised requirements and identify its own gaps during the transition process.
