ISO 27001

Comparing ISO 27001:2013 and ISO 27001:2005

March 15, 2014 | 5 min read | Vinastar Consulting

ISO 27001:2013 was published in October 2013, replacing the 2005 edition. This is an important transition that organizations applying the older version need to complete.

Key changes

  • Structure aligned to Annex SL (High Level Structure) — consistent with other ISO management system standards
  • 14 clauses instead of 11 in the previous version
  • Annex A reduced from 133 to 114 controls, organized into 35 control objectives
  • Greater focus on leadership and commitment (Clause 5)
  • Clearer emphasis on risk assessment and risk treatment

Organizations certified to ISO 27001:2005 need to transition to the 2013 (and now 2022) version to maintain certification validity.
