ISO/IEC 27003 Updated – Guidance on Information Security Management

ISO/IEC 27003 has been revised.  The title of the standard is Information technology – Security techniques – Information security management systems – Guidance.  The document provides you with information on how to implement ISO/IEC 27001.  It is available now from Document Center Inc. (www.document-center.com) in both paper format and for pdf download.

If you’ve decided to implement an ISMS (information security management system), this is the standard for you!  The recommendations in the ISO/IEC 27003 are presented in parallel fashion to the clauses in the ISO/IEC 27001.  So as you read through the requirements in one, you can get additional information in the other.

How does the ISMS protocol of the ISO/IEC 27000 series promote good security practices?  You’ll find it has a system for understanding your organizational needs, assessing your risks, and translating that into a sustainable process.

And it is set up similarly to the other management system standards.  You’ll be given requirements for policy, for responsibilities, for planning and defining processes, and then acting on those with documented information.  Special attention is given to risk assessment and treatment in this publication.

What’s new in this 2nd Edition for ISO/IEC 27003?  The foreword reviews the updates, which are considered minor.  Here are the main changes that the committee has identified for you:

  • First, ISO/IEC 27001 has been updated since the publication of the previous 2010 Edition of the guidance document.  So there are changes throughout the publication, including the title and scope.
  • Secondly, the approach of the document has been modified.  Previously there was a project approach.  Now the guidance aligns with the requirements, regardless of the order of implementation.

Information security breaches are expensive, in time, money, and loss of reputation and customer confidence.  Taking a systematic approach to security, based on solid risk-management principles, is essential.  This guidance document can help you minimize the vulnerabilities that come with our interconnected environment.

If you need a copy of any of the ISO/IEC 27000 series, use Document Center Inc. for your purchase.  We have been working with standards since 1982 and offer you the personal attention you need when implementing this type of compliance requirement.  Use our webstore at www.document-center.com to search and order from our catalog of over 1 million standards.  Here is a direct link to the order page for ISO/IEC 27003 for your convenience.

If you have additional questions or would like more information on our enterprise-wide Standards Online cloud solution, please get in touch.  You can reach us by phone (650-591-7600) or email (info@document-center.com).  We’re happy to work with you to achieve a solid documentation system tailored to your needs.  Make us your Standards Experts!

Published by

Claudia Bach

Claudia Bach is the President of Document Center Inc. and a world-wide recognized expert on Standards and Standards Distribution. You can connect with her on Google+
