Expert Advice Community


ISMS Implementation using ISO 27001 version 2005 or 2013

Guest user Created:   Jan 12, 2016 Last commented:   Jan 12, 2016

In order to start with a new ISO27001 implementation, can it make sense to begin using the old 2005 methodology and then migrate to the new 2013 set of controls? My question is due to the fact that it can be easier to perform analysis and checklists in the old and well-known way, instead of learning the new method at all. During the conversion phase, analysts can gain more confidence with the new standard and with its differences from the 2005 release ....

Guest
Guest post Jan 12, 2016

In my opinion you should start with the 2013 version from the beginning. If you are familiar with the 2005 version, that could help in understanding the concepts, since the 2013 version is easier than the 2005 for experienced people.

If you are planning to get certified, please consider that after September 2014 there will be no more new certifications for the 2005 version, and the 2005 versions will be required to make a transition until October 2015. So if you start your ISMS in the 2005 version, you will need to make the transition next year. Starting in the 2013 version, you will save time and money.

In the infographic you can find some useful information about the differences between 2005 and 2013 versions: https://advisera.com/27001academy/knowledgebase/infographic-new-iso-27001-2013-revision-what-has-changed/

You can also find an overview of Annex A in ISO 27001 version 2013 at: https://advisera.com/27001academy/iso-27001-controls/

And if needed, you can also have an overview of how to build a project with ISO 27001: https://advisera.com/27001academy/blog/2013/04/22/iso-27001-project-how-to-make-it-work/

Thanks

Guest
Guest post Jan 12, 2016

Jose Casinha said:

We have received the following question:

> In order to start with a new ISO27001 implementation, can it make sense to begin using the old 2005 methodology and then migrate to the new 2013 set of controls? My question is due to the fact that it can be easier to perform analysis and checklists in the old and well-known way, instead of learning the new method at all. During the conversion phase, analysts can gain more confidence with the new standard and with its differences from the 2005 release ....

Answer: In my opinion you should start with the 2013 version from the beginning. If you are familiar with the 2005 version, that could help in understanding the concepts, since the 2013 version is easier than the 2005 for experienced people.

If you are planning to get certified, please consider that after September 2014 there will be no more new certifications for the 2005 version, and the 2005 versions will be required to make a transition until October 2015. So if you start your ISMS in the 2005 version, you will need to make the transition next year. Starting in the 2013 version, you will save time and money.

Yes, I feel that it is better to start with the 2013 version ... Really, it is better optimized than the old 2005 version.
In addition, it better covers some new technologies and a better way to address them.
Regards
Alessandro
