17th March 2014
Holders of the ISO 27001:2005 Standard will be aware that the “Clock is ticking” and they must upgrade to the new 2013 Standard by September 2015 or risk being de-registered. However most organisations are being cautious not to rush the transition and perhaps get a system that is too complicated or difficult to maintain.
This is the second part of our series detailing the various steps needed to achieve a successful transition to the revised Standard.
The revised Standard emphasises the role of “Interested Parties” and it does specify that all interested parties should be listed. It may be useful, at this stage, to identify just who these are.
This list is not exhaustive and should be specific to the organisation. Against each stakeholder their requirements as far as information security, should be stated.
Having defined all the Stakeholders you can now move forward to identifying the SCOPE. You will be generating a new S.O.A (Statement of Applicability) and defining the scope will help in deciding which elements are not applicable in the application.
Once again I would stress that these steps should not be rushed; the better the preparation the better the final result; my father used to drum this into me for decorating and in particular, painting of woodwork which always lasted longer if good preparation was taken.
Next time we will look at the revised requirements for Risk Assessments.
Heybridge Business Centre
110 The Causeway, Heybridge
Essex CM9 4ND
T: 01621 857841
M: 07702 193788
© 2020 Quality Matters Ltd. All rights reserved. Responsive Design