Expert Advice Community

BS EN ISO IEC 27001 2017

Guest user Created:   Aug 24, 2017 Last commented:   Aug 24, 2017

Are you able to advise on the difference in clause 6.1.3 for the new 2017 standard of 27001? We have seen a lot of websites saying there is a new standard and we have the changes for annex 8 just not clause 6.1.3.

Expert
Rhand Leal Aug 24, 2017

https://www.bsigroup.com/en-GB/iso-27001-information-security/BS-EN-ISO-IEC-27001-2017/

Info is from this website, plus there are others referring to it.

Answer: The change was only in the presentation form of clause 6.1.3 d), related to the Statement of Applicability, and does not include any new requirements. You can see the ISO TECHNICAL CORRIGENDUM 2, which defined this change, released on 2015-DEC-01, at this link: https://www.iso.org/obp/ui/#iso:std:iso-iec:27001:ed-2:v1:cor:2:v1:en

Former text: "d) produce a Statement of Applicability that contains the necessary controls (see 6.1.3 b) and c)) and justification for inclusions, whether they are implemented or not, and the justification for exclusions of controls from Annex A;"

New text: "d) produce a Statement of Applicability that contains:
- the necessary controls (see 6.1.3 b) and c));
- justification for their inclusion;
- whether the necessary controls are implemented or not; and
- the justification for excluding any of the Annex A controls."
