Comparison between ISO/IEC 27001:2013 and ISO/IEC 27001:2005


There are some important changes introduced on version ISO/IEC 27001:2013

Regarding the structure of this new version:

More Domains:

14 domains in version 2013 instead of 11 in version 2005.
The 3 new domains are:

  • A.10: Cryptographic technology
  • A.12: Operational security
  • A.15: Security for suppliers and third parties

Less Controls:

114 controls in version 2013 instead 133 in version 2005
The new controls are:

  • A.6.1.5 Information security in project management
  • A.12.6.2 Restrictions on software installation
  • A.14.2.1 Secure development policy
  • A.14.2.5 Secure system engineering principles
  • A.14.2.6 Secure development environment
  • A.14.2.8 System security testing
  • A.15.1.1 Information security policy for supplier relationships
  • A.15.1.3 Information and communication technology supply chain
  • A.16.1.4 Assessment of and decision on information security events
  • A.16.1.5 Response to information security incidents
  • A.17.2.1 Availability of information processing facilities

More data about the comparison of these 2 versions in:

Leave a comment

This site uses Akismet to reduce spam. Learn how your comment data is processed.