
Sheila Pantry Associates Ltd


Focus Archive

BS ISO/IEC 27001:2013 Information technology, Security techniques, Information security management systems, Requirements

October 2013

This internationally acclaimed standard for information security management was revised and released on 1 October 2013. Since their inception in the early 1990s, globally recognised standards in information security have grown in rigour and recognition. So have information security threats and the best ways to manage them.

To reflect current best practice, BS ISO/IEC 27001:2013 provides specific recommendations to help you establish your own Information Security Management System (ISMS), monitor its performance and implement improvements where necessary.

The new standard is written using the high-level structure that will be common to all new management system standards. This allows easier integration when implementing more than one management system within your organisation.

BS ISO/IEC 27001:2013 is less prescriptive, allowing greater flexibility on how requirements are satisfied, thereby giving organisations greater freedom to implement requirements in a manner best suited to them.

The document allows you to see where you can simplify your current information security management practices or adopt new practices that are better suited to the needs and culture of your organisation. If you are introducing an information security management system for the first time, the new standard ensures you are following today's best practice from the start.

BS ISO/IEC 27001:2013 requirements can be used to prepare your organisation for third party audits and certification purposes.

Taking into account the experiences of users who have implemented or sought certification to ISO/IEC 27001:2005, the new standard offers a more flexible, streamlined approach intended to ensure more effective risk management.

A number of changes to the security controls listed in Annex A have been made to ensure the standard is current and consistent with the new BS ISO/IEC 27002:2013.


Contents

Introduction
1 Scope
2 Normative references
3 Terms and definitions
4 Context of the organization
5 Leadership
6 Planning
7 Support
8 Operation
9 Performance evaluation
10 Improvement
Bibliography

More information and order: BS ISO/IEC 27001:2013