Oct 01, 2013
Official update of the ISO/IEC 27001:2005 to ISO/IEC 27001:2013
Using formal standards to assure the quality of services and products, information security and business continuity has proven very successful. Over the last few years ISO/IEC 27001 has grown into the information security "bible". The newest version of the standard, ISO/IEC 27001:2013, was published on September 25th, 2013.
The original standard, published in 2005, was the start of a larger revolution and of the ISO/IEC 27000 family of standards. Time has passed and the world has changed. New technologies such as cloud computing have appeared on the market and created demand for new formal requirements. Other standardization committees have been revising their standards in the meantime as well. The goal of the revision was to align 27001 better with other management system standards, such as ISO 9001 and ISO 22301 (they now share the common high-level structure of Annex SL), and to address the new challenges in information security.
The new standard puts more emphasis on measuring and evaluating how well an organization's ISMS (Information Security Management System) is performing. Internally, the new edition no longer prescribes the Plan-Do-Check-Act cycle as the mandatory improvement model. More stress is also put on the organizational context of security and on risk assessment. There is a new requirement to control outsourced processes. Appendices B and C of the 2005 edition have been dropped.
Compendium will offer PECB ISO/IEC 27001 training based on the 2013 edition as soon as the new courseware is made available to us. A Polish version of the standard is not yet available. Judging from past experience, it can take up to two years before a new standard is translated into Polish and adopted by the Polish Committee for Standardization (PKN). Perhaps this time, given the importance of 27001, the adoption process will be faster.