There are some important changes introduced in version ISO/IEC 27001:2013.
Regarding the structure of this new version:
More Domains:
14 domains in version 2013 instead of 11 in version 2005.
The 3 new domains are:
- A.10: Cryptographic technology
- A.12: Operational security
- A.15: Security for suppliers and third parties
Less Controls:
114 controls in version 2013 instead of 133 in version 2005.
The new controls are:
- A.6.1.5 Information security in project management
- A.12.6.2 Restrictions on software installation
- A.14.2.1 Secure development policy
- A.14.2.5 Secure system engineering principles
- A.14.2.6 Secure development environment
- A.14.2.8 System security testing
- A.15.1.1 Information security policy for supplier relationships
- A.15.1.3 Information and communication technology supply chain
- A.16.1.4 Assessment of and decision on information security events
- A.16.1.5 Response to information security incidents
- A.17.2.1 Availability of information processing facilities
More data about the comparison of these 2 versions in: