1. The effort required to transition from the 2005 revision to ISO 27001:2013
It is true that every company certified against ISO 27001:2005 will have to transition to the 2013 revision within two years, and it is true that the 2013 revision introduces some new requirements while dropping others. It is also true that this process won't be finished in a couple of hours, but it certainly doesn't have to be anything close to the effort of the initial implementation of the standard. The key is careful planning: if you know exactly which steps you need to take, you will reduce the transition effort to a minimum. With this in mind, read my article How to make a transition from ISO 27001 2005 revision to 2013 revision.
2. Successfully communicating a beneficial reason why a company should implement ISO 27001
The key is to identify benefits for the business side of the organization: benefits that are easily understandable and that bring clear value to the business, not just to IT. After all, the decision about ISO 27001 is not going to be made by the head of the IT department, but by your senior management. In my view, there are four potential benefits that may apply to a company: (1) compliance, (2) marketing advantage, (3) decreasing costs, and (4) optimizing processes. Read the details: Four key benefits of ISO 27001 implementation.