{"id":2864,"date":"2014-06-01T10:26:08","date_gmt":"2014-06-01T09:26:08","guid":{"rendered":"https:\/\/dn-www.azurewebsites.net\/2014\/06\/01\/iso-270012013-transition\/"},"modified":"2024-02-06T12:23:55","modified_gmt":"2024-02-06T12:23:55","slug":"iso-270012013-transition","status":"publish","type":"post","link":"https:\/\/dionach.com\/nl\/iso-270012013-transition\/","title":{"rendered":"ISO 27001:2013 Transition"},"content":{"rendered":"\t\t
\n\t\t\t\t\t\t
\n\t\t\t\t\t\t
\n\t\t\t\t\t
\n\t\t\t
\n\t\t\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t\t\t\t\t

A new version of the standard, ISO 27001:2013, was published on the 25th of September 2013. The new version replaces the older version, ISO 27001:2005. There will be a transition period for organisations to align their ISMS with the new standard and become certified against ISO 27001:2013.<\/p>\r\n\r\n

The new standard looks different from its predecessor, however, organisations already certified against ISO 27001:2005 should be able to easily migrate to the new standard. The reason for the changes was to make all management system standards look the same, to align ISO 27001 with the Risk Management family of standards (ISO 31000) and update the controls in Annex A.<\/p>\r\n\r\n

In this blog post we will look at how ISO 27001:2013 controls defined in Annex A map to ISO 27001:2005 controls.<\/p>\r\n\r\n

The following table shows how the controls defined in Annex A of ISO 27001:2013 standard maps to controls defined in ISO 27001:2005.<\/p>\r\n\r\n

 <\/p>\r\n\r\n\r\n\t\r\n\t\t\r\n\t\t\t\r\n\t\t\t\r\n\t\t\t\r\n\t\t\t\r\n\t\t\t\r\n\t\t\t\r\n\t\t\t\r\n\t\t\t\r\n\t\t\t\r\n\t\t\t\r\n\t\t\t\r\n\t\t\t\r\n\t\t\t\r\n\t\t\t\r\n\t\t\t\r\n\t\t\t\r\n\t\t\t\r\n\t\t\t\r\n\t\t\t\r\n\t\t\t\r\n\t\t\t\r\n\t\t\t\r\n\t\t\t\r\n\t\t\t\r\n\t\t\t\r\n\t\t\t\r\n\t\t\t\r\n\t\t\t\r\n\t\t\t\r\n\t\t\t\r\n\t\t\t\r\n\t\t\t\r\n\t\t\t\r\n\t\t\t\r\n\t\t\t\r\n\t\t\t\r\n\t\t\t\r\n\t\t\t\r\n\t\t\t\r\n\t\t\t\r\n\t\t\t\r\n\t\t\t\r\n\t\t\t\r\n\t\t\t\r\n\t\t\t\r\n\t\t\t\r\n\t\t\t\r\n\t\t\t\r\n\t\t\t\r\n\t\t\t\r\n\t\t\t\r\n\t\t\t\r\n\t\t\t\r\n\t\t\t\r\n\t\t\t\r\n\t\t\t\r\n\t\t\t\r\n\t\t\t\r\n\t\t\t\r\n\t\t\t\r\n\t\t\t\r\n\t\t\t\r\n\t\t\t\r\n\t\t\t\r\n\t\t\t\r\n\t\t\t\r\n\t\t\t\r\n\t\t\t\r\n\t\t\t\r\n\t\t\t\r\n\t\t\t\r\n\t\t\t\r\n\t\t\t\r\n\t\t\t\r\n\t\t\t\r\n\t\t\t\r\n\t\t\t\r\n\t\t\t\r\n\t\t\t\r\n\t\t\t\r\n\t\t\t\r\n\t\t\t\r\n\t\t\t\r\n\t\t\t\r\n\t\t\t\r\n\t\t\t\r\n\t\t\t\r\n\t\t\t\r\n\t\t\t\r\n\t\t\t\r\n\t\t\t\r\n\t\t\t\r\n\t\t\t\r\n\t\t\t\r\n\t\t\t\r\n\t\t\t\r\n\t\t\t\r\n\t\t\t\r\n\t\t\t\r\n\t\t\t\r\n\t\t\t\r\n\t\t\t\r\n\t\t\t\r\n\t\t\t\r\n\t\t\t\r\n\t\t\t\r\n\t\t\t\r\n\t\t\t\r\n\t\t\t\r\n\t\t\t\r\n\t\t\t\r\n\t\t\t\r\n\t\t\t\r\n\t\t\t\r\n\t\t\t\r\n\t\t\t\r\n\t\t\t\r\n\t\t\t\r\n\t\t\t\r\n\t\t\t\r\n\t\t\t\r\n\t\t\t\r\n\t\t\t\r\n\t\t\t\r\n\t\t\t\r\n\t\t\t\r\n\t\t\t\r\n\t\t\t\r\n\t\t\t\r\n\t\t\t\r\n\t\t\t\r\n\t\t\t\r\n\t\t\t\r\n\t\t\t\r\n\t\t\t\r\n\t\t\t\r\n\t\t\t\r\n\t\t\t\r\n\t\t\t\r\n\t\t\t\r\n\t\t\t\r\n\t\t\t\r\n\t\t\t\r\n\t\t\t\r\n\t\t\t\r\n\t\t\t\r\n\t\t\t\r\n\t\t\t\r\n\t\t\t\r\n\t\t\t\r\n\t\t\t\r\n\t\t\t\r\n\t\t\t\r\n\t\t\t\r\n\t\t\t\r\n\t\t\t\r\n\t\t\t\r\n\t\t\t\r\n\t\t\t\r\n\t\t\t\r\n\t\t\t\r\n\t\t\t\r\n\t\t\t\r\n\t\t\t
ISO 27001:2013 Control<\/span><\/strong><\/td>\r\n\t\t\tISO 27001:2005 Control<\/span><\/strong><\/td>\r\n\t\t\tComments<\/span><\/strong><\/td>\r\n\t\t<\/tr>\r\n\t\t
A.5 Information security policies<\/strong><\/td>\r\n\t\t<\/tr>\r\n\t\t
A.5.1
\r\n\t\t\tManagement direction for information security<\/td>\r\n\t\t<\/tr>\r\n\t\t
A.5.1.1
\r\n\t\t\tPolicies for information security<\/td>\r\n\t\t\t		A.5.1.1 Information security policy document<\/td>\r\n\t\t\tThe control has not changed.<\/td>\r\n\t\t<\/tr>\r\n\t\t
A.5.1.2 Review of the policies for information security<\/td>\r\n\t\t\tA.5.1.2 Review of the information security policy<\/td>\r\n\t\t\tThe control has not changed.<\/td>\r\n\t\t<\/tr>\r\n\t\t
A.6 Organization of information security<\/strong><\/td>\r\n\t\t<\/tr>\r\n\t\t
A.6.1 Internal organization<\/td>\r\n\t\t<\/tr>\r\n\t\t
A.6.1.1
\r\n\t\t\tInformation security roles and responsibilities<\/td>\r\n\t\t\t		 A.6.1.3
\r\n\t\t\tAllocation of information security responsibilities<\/td>\r\n\t\t\t		The control has not changed.<\/td>\r\n\t\t<\/tr>\r\n\t\t
A.6.1.2
\r\n\t\t\tSegregation of responsibilities and duties<\/td>\r\n\t\t\t		A.10.1.3
\r\n\t\t\tSegregation of duties<\/td>\r\n\t\t\t		The control has been moved from the communications and operations management section; however, it has not changed.<\/td>\r\n\t\t<\/tr>\r\n\t\t
A.6.1.3
\r\n\t\t\tContact with authorities<\/td>\r\n\t\t\t		A.6.1.6
\r\n\t\t\tContact with authorities<\/td>\r\n\t\t\t		The control has not changed.<\/td>\r\n\t\t<\/tr>\r\n\t\t
A.6.1.4
\r\n\t\t\tContact with special interest groups<\/td>\r\n\t\t\t		A.6.1.7
\r\n\t\t\tContact with special interest groups<\/td>\r\n\t\t\t		The control has not changed.<\/td>\r\n\t\t<\/tr>\r\n\t\t
A.6.1.5
\r\n\t\t\tInformation security in project management<\/td>\r\n\t\t\t		 <\/td>\r\n\t\t\tThis is a new control which requires information security to be integrated into project management to ensure that risks are addressed and identified.<\/td>\r\n\t\t<\/tr>\r\n\t\t
A.6.2
\r\n\t\t\tMobile devices and teleworking<\/td>\r\n\t\t<\/tr>\r\n\t\t
A.6.2.1
\r\n\t\t\tMobile device policy<\/td>\r\n\t\t\t		A.11.7.1
\r\n\t\t\tMobile computing and communications<\/td>\r\n\t\t\t		The control has been moved from the access control section; however, it has not changed.<\/td>\r\n\t\t<\/tr>\r\n\t\t
A.6.2.2
\r\n\t\t\tTeleworking<\/td>\r\n\t\t\t		A.11.7.2
\r\n\t\t\tTeleworking<\/td>\r\n\t\t\t		The control has been moved from the access control section; however, it has not changed. <\/td>\r\n\t\t<\/tr>\r\n\t\t
A.7 Human resource security<\/strong><\/td>\r\n\t\t<\/tr>\r\n\t\t
A.7.1
\r\n\t\t\tPrior to employment<\/td>\r\n\t\t<\/tr>\r\n\t\t
A.7.1.1
\r\n\t\t\tScreening<\/td>\r\n\t\t\t		A.8.1.2
\r\n\t\t\tScreening<\/td>\r\n\t\t\t		The control has not changed. <\/td>\r\n\t\t<\/tr>\r\n\t\t
A.7.1.2
\r\n\t\t\tTerms and conditions of employment<\/td>\r\n\t\t\t		A.8.1.3
\r\n\t\t\tTerms and conditions of employment<\/td>\r\n\t\t\t		The control has not changed. <\/td>\r\n\t\t<\/tr>\r\n\t\t
A.7.1.2
\r\n\t\t\tDuring employment<\/td>\r\n\t\t<\/tr>\r\n\t\t
A.7.2.1
\r\n\t\t\tManagement responsibilities<\/td>\r\n\t\t\t		A.8.2.1
\r\n\t\t\tManagement responsibilities<\/td>\r\n\t\t\t		The control has not changed. <\/td>\r\n\t\t<\/tr>\r\n\t\t
A.7.2.2
\r\n\t\t\tInformation security awareness, education and training<\/td>\r\n\t\t\t		A.8.2.2
\r\n\t\t\tInformation security awareness, education and training<\/td>\r\n\t\t\t		The control has not changed. <\/td>\r\n\t\t<\/tr>\r\n\t\t
A.7.2.3
\r\n\t\t\tDisciplinary process<\/td>\r\n\t\t\t		A.8.2.3
\r\n\t\t\tDisciplinary process<\/td>\r\n\t\t\t		The control has not changed.  <\/td>\r\n\t\t<\/tr>\r\n\t\t
A.7.3
\r\n\t\t\tTermination and change of employment<\/td>\r\n\t\t<\/tr>\r\n\t\t
A.7.3.1
\r\n\t\t\tTermination or change of employment responsibilities<\/td>\r\n\t\t\t		A.8.3.1
\r\n\t\t\tTermination responsibilities<\/td>\r\n\t\t\t		The control has not changed but It is now more clearly explained and also covers contractors and third parties.  The control requires contracts to clearly define security responsibilities that are still valid after termination of employment.<\/td>\r\n\t\t<\/tr>\r\n\t\t
A.8 Asset management<\/strong><\/td>\r\n\t\t<\/tr>\r\n\t\t
A.8.1
\r\n\t\t\tResponsibility for assets<\/td>\r\n\t\t<\/tr>\r\n\t\t
A.8.1.1
\r\n\t\t\tInventory of assets<\/td>\r\n\t\t\t		A.7.1.1
\r\n\t\t\tInventory of assets<\/td>\r\n\t\t\t		The control has not changed. <\/td>\r\n\t\t<\/tr>\r\n\t\t
A.8.1.2
\r\n\t\t\tOwnership of assets<\/td>\r\n\t\t\t		A.7.1.2
\r\n\t\t\tOwnership of assets<\/td>\r\n\t\t\t		The control has not changed. <\/td>\r\n\t\t<\/tr>\r\n\t\t
A.8.1.3
\r\n\t\t\tAcceptable use of assets<\/td>\r\n\t\t\t		A.7.1.3
\r\n\t\t\tAcceptable use of assets<\/td>\r\n\t\t\t		The control has not changed. <\/td>\r\n\t\t<\/tr>\r\n\t\t
A.8.1.4
\r\n\t\t\tReturn of assets<\/td>\r\n\t\t\t		A.8.3.2
\r\n\t\t\tReturn of assets<\/td>\r\n\t\t\t		The control has been moved from the human resources security section; however, it has not changed.<\/td>\r\n\t\t<\/tr>\r\n\t\t
A.8.2
\r\n\t\t\tInformation classification<\/td>\r\n\t\t<\/tr>\r\n\t\t
A.8.2.1
\r\n\t\t\tClassification of information<\/td>\r\n\t\t\t		A.7.2.1
\r\n\t\t\tClassification guidelines<\/td>\r\n\t\t\t		Even though the title of the control has changed, the actual control has not.<\/td>\r\n\t\t<\/tr>\r\n\t\t
A.8.2.2
\r\n\t\t\tLabelling of information<\/td>\r\n\t\t\t		A.7.2.2
\r\n\t\t\tInformation labelling and handling<\/td>\r\n\t\t\t		The control has now been split into A.8.2.2 and A.8.2.3. This control addresses information labelling<\/td>\r\n\t\t<\/tr>\r\n\t\t
A.8.2.3
\r\n\t\t\tHandling of assets<\/td>\r\n\t\t\t		A.7.2.2
\r\n\t\t\tInformation labelling and handling<\/td>\r\n\t\t\t		This control addresses assets handling procedures.<\/td>\r\n\t\t<\/tr>\r\n\t\t
A.8.3
\r\n\t\t\tMedia handling<\/td>\r\n\t\t<\/tr>\r\n\t\t
A.8.3.1
\r\n\t\t\tManagement of removable media<\/td>\r\n\t\t\t		A.10.7.1
\r\n\t\t\tManagement of removable media<\/td>\r\n\t\t\t		The control has been moved from the communications and operations management section; however, it has not changed.<\/td>\r\n\t\t<\/tr>\r\n\t\t
A.8.3.2
\r\n\t\t\tDisposal of media<\/td>\r\n\t\t\t		A.10.7.2
\r\n\t\t\tDisposal of media<\/td>\r\n\t\t\t		The control has been moved from the communications and operations management section; however, it has not changed. <\/td>\r\n\t\t<\/tr>\r\n\t\t
A.8.3.3
\r\n\t\t\tPhysical media transfer<\/td>\r\n\t\t\t		A.10.8.3
\r\n\t\t\tPhysical media in transit<\/td>\r\n\t\t\t		The control has been moved from the communications and operations management section; however, it has not changed. <\/td>\r\n\t\t<\/tr>\r\n\t\t
A.9 Access control<\/strong><\/td>\r\n\t\t<\/tr>\r\n\t\t
A.9.1Business requirements of access control<\/td>\r\n\t\t<\/tr>\r\n\t\t
A.9.1.1
\r\n\t\t\tAccess control policy<\/td>\r\n\t\t\t		A.11.1.1
\r\n\t\t\tAccess control policy<\/td>\r\n\t\t\t		The control has not changed.<\/td>\r\n\t\t<\/tr>\r\n\t\t
A.9.1.2
\r\n\t\t\tPolicy on the use of network services<\/td>\r\n\t\t\t		A.11.4.1
\r\n\t\t\tPolicy on use of network services<\/td>\r\n\t\t\t		The control has not changed. <\/td>\r\n\t\t<\/tr>\r\n\t\t
A.9.2
\r\n\t\t\tUser access management   <\/td>\r\n\t\t<\/tr>\r\n\t\t
A.9.2.1
\r\n\t\t\tUser registration and de-registration<\/td>\r\n\t\t\t		A.11.2.1
\r\n\t\t\tUser registration<\/td>\r\n\t\t\t		The control has now been split into A.9.2.1 and A.9.2.2. This control addresses registration and de-registration.<\/td>\r\n\t\t<\/tr>\r\n\t\t
A.9.2.2
\r\n\t\t\tUser access provisioning<\/td>\r\n\t\t\t		A.11.2.1
\r\n\t\t\tUser registration <\/td>\r\n\t\t\t		This control addresses the assignment and removal of access rights.<\/td>\r\n\t\t<\/tr>\r\n\t\t
A.9.2.3
\r\n\t\t\tManagement of privileged access rights<\/td>\r\n\t\t\t		A.11.2.2
\r\n\t\t\tPrivilege management<\/td>\r\n\t\t\t		The control has not changed. <\/td>\r\n\t\t<\/tr>\r\n\t\t
A.9.2.4
\r\n\t\t\tManagement of secret authentication information of users<\/td>\r\n\t\t\t		A.11.2.3
\r\n\t\t\tUser password management<\/td>\r\n\t\t\t		The control has not changed.  <\/td>\r\n\t\t<\/tr>\r\n\t\t
A.9.2.5
\r\n\t\t\tReview of user access rights<\/td>\r\n\t\t\t		A.11.2.4
\r\n\t\t\tReview of user access rights<\/td>\r\n\t\t\t		The control has not changed. This is now the responsibility of asset owners.<\/td>\r\n\t\t<\/tr>\r\n\t\t
A.9.2.6
\r\n\t\t\tRemoval or adjustment of access rights<\/td>\r\n\t\t\t		A.8.3.3
\r\n\t\t\tRemoval of access rights<\/td>\r\n\t\t\t		The control has been moved from the human resources security section; however, it has not changed.<\/td>\r\n\t\t<\/tr>\r\n\t\t
A.9.3
\r\n\t\t\tUser responsibilities<\/td>\r\n\t\t<\/tr>\r\n\t\t
A.9.3.1
\r\n\t\t\tUse of secret authentication information<\/td>\r\n\t\t\t		A.11.3.1P
\r\n\t\t\tassword use<\/td>\r\n\t\t\t		The control has not changed but it now includes all types of authentication information and not just passwords.<\/td>\r\n\t\t<\/tr>\r\n\t\t
A.9.4
\r\n\t\t\tSystem and application access control   <\/td>\r\n\t\t<\/tr>\r\n\t\t
A.9.4.1
\r\n\t\t\tInformation access restriction<\/td>\r\n\t\t\t		A.11.6.1
\r\n\t\t\tInformation access restriction<\/td>\r\n\t\t\t		The control has not changed.<\/td>\r\n\t\t<\/tr>\r\n\t\t
A.9.4.2
\r\n\t\t\tSecure log-on procedures<\/td>\r\n\t\t\t		A.11.5.1
\r\n\t\t\tSecure log-on procedures<\/td>\r\n\t\t\t		The control has not changed but it now covers both systems and applications.<\/td>\r\n\t\t<\/tr>\r\n\t\t
A.9.4.3
\r\n\t\t\tPassword management system<\/td>\r\n\t\t\t		A.11.5.3
\r\n\t\t\tPassword management system<\/td>\r\n\t\t\t		The control has not changed. <\/td>\r\n\t\t<\/tr>\r\n\t\t
A.9.4.4
\r\n\t\t\tUse of privileged utility programs<\/td>\r\n\t\t\t		A.11.5.4
\r\n\t\t\tUse of system utilities<\/td>\r\n\t\t\t		The control has not changed. <\/td>\r\n\t\t<\/tr>\r\n\t\t
A.9.4.5
\r\n\t\t\tAccess control to program source code<\/td>\r\n\t\t\t		A.12.4.3
\r\n\t\t\tAccess control to program source code<\/td>\r\n\t\t\t		The control has been moved from the information systems acquisition, development and maintenance section; however, it has not changed.<\/td>\r\n\t\t<\/tr>\r\n\t\t
A.10 Cryptography<\/strong><\/td>\r\n\t\t<\/tr>\r\n\t\t
A.10.1
\r\n\t\t\tCryptography controls<\/td>\r\n\t\t<\/tr>\r\n\t\t
A.10.1.1
\r\n\t\t\tPolicy on the use of cryptographic controls<\/td>\r\n\t\t\t		A.12.3.1
\r\n\t\t\tPolicy on the use of cryptographic controls<\/td>\r\n\t\t\t		The control has been moved from the information systems acquisition, development and maintenance section; however, it has not changed.<\/td>\r\n\t\t<\/tr>\r\n\t\t
A.10.1.2
\r\n\t\t\tKey management<\/td>\r\n\t\t\t		A.12.3.2
\r\n\t\t\tKey management<\/td>\r\n\t\t\t		The control has been moved from the information systems acquisition, development and maintenance section and in addition to the previous requirements the control now requires the development of a key management policy.<\/td>\r\n\t\t<\/tr>\r\n\t\t
A.11 Physical and environmental security<\/strong><\/td>\r\n\t\t<\/tr>\r\n\t\t
A.11.1
\r\n\t\t\tSecure areas<\/td>\r\n\t\t<\/tr>\r\n\t\t
A.11.1.1
\r\n\t\t\tPhysical security perimeter<\/td>\r\n\t\t\t		A.9.1.1
\r\n\t\t\tPhysical security perimeter<\/td>\r\n\t\t\t		The control has not changed.<\/td>\r\n\t\t<\/tr>\r\n\t\t
A.11.1.2
\r\n\t\t\tPhysical entry controls<\/td>\r\n\t\t\t		A.9.1.2
\r\n\t\t\tPhysical entry controls<\/td>\r\n\t\t\t		The control has not changed. <\/td>\r\n\t\t<\/tr>\r\n\t\t
A.11.1.3
\r\n\t\t\tSecuring offices, rooms and facilities<\/td>\r\n\t\t\t		A.9.1.3
\r\n\t\t\tSecuring offices, rooms and facilities<\/td>\r\n\t\t\t		The control has not changed. <\/td>\r\n\t\t<\/tr>\r\n\t\t
A.11.1.4
\r\n\t\t\tProtecting against external and environmental threats<\/td>\r\n\t\t\t		A.9.1.4
\r\n\t\t\tProtecting against external and environmental threats<\/td>\r\n\t\t\t		The control has not changed. <\/td>\r\n\t\t<\/tr>\r\n\t\t
A.11.1.5
\r\n\t\t\tWorking in secure areas<\/td>\r\n\t\t\t		A.9.1.5
\r\n\t\t\tWorking in secure areas<\/td>\r\n\t\t\t		The control has not changed. <\/td>\r\n\t\t<\/tr>\r\n\t\t
A.11.1.6
\r\n\t\t\tDelivery and loading areas<\/td>\r\n\t\t\t		A.9.1.6
\r\n\t\t\tPublic access, delivery and loading areas<\/td>\r\n\t\t\t		The control has not changed. <\/td>\r\n\t\t<\/tr>\r\n\t\t
A.11.2
\r\n\t\t\tEquipment<\/td>\r\n\t\t<\/tr>\r\n\t\t
A.11.2.1
\r\n\t\t\tEquipment siting and protection<\/td>\r\n\t\t\t		A.9.2.1
\r\n\t\t\tEquipment siting and protection<\/td>\r\n\t\t\t		The control has not changed. <\/td>\r\n\t\t<\/tr>\r\n\t\t
A.11.2.2
\r\n\t\t\tSupporting utilities<\/td>\r\n\t\t\t		A.9.2.2
\r\n\t\t\tSupporting utilities<\/td>\r\n\t\t\t		The control has not changed. <\/td>\r\n\t\t<\/tr>\r\n\t\t
A.11.2.3
\r\n\t\t\tCabling security<\/td>\r\n\t\t\t		A.9.2.3
\r\n\t\t\tCabling security<\/td>\r\n\t\t\t		The control has not changed. <\/td>\r\n\t\t<\/tr>\r\n\t\t
A.11.2.4
\r\n\t\t\tEquipment maintenance<\/td>\r\n\t\t\t		A.9.2.4
\r\n\t\t\tEquipment maintenance<\/td>\r\n\t\t\t		The control has not changed. <\/td>\r\n\t\t<\/tr>\r\n\t\t
A.11.2.5
\r\n\t\t\tRemoval of assets<\/td>\r\n\t\t\t		A.9.2.7
\r\n\t\t\tRemoval of property<\/td>\r\n\t\t\t		The control has not changed. <\/td>\r\n\t\t<\/tr>\r\n\t\t
A.11.2.6
\r\n\t\t\tSecurity of equipment and assets off-premises<\/td>\r\n\t\t\t		A.9.2.5
\r\n\t\t\tSecurity of equipment off-premises<\/td>\r\n\t\t\t		The control has not changed.  <\/td>\r\n\t\t<\/tr>\r\n\t\t
A.11.2.7
\r\n\t\t\tSecure disposal or reuse of equipment<\/td>\r\n\t\t\t		A.9.2.6
\r\n\t\t\tSecure disposal or re-use of equipment<\/td>\r\n\t\t\t		The control has not changed.  <\/td>\r\n\t\t<\/tr>\r\n\t\t
A.11.2.8
\r\n\t\t\tUnattended user equipment<\/td>\r\n\t\t\t		A.11.3.2
\r\n\t\t\tUnattended user equipment<\/td>\r\n\t\t\t		The control has been moved from the access control section; however, it has not changed.<\/td>\r\n\t\t<\/tr>\r\n\t\t
A.11.2.9
\r\n\t\t\tClear desk and clear screen policy<\/td>\r\n\t\t\t		A.11.3.3
\r\n\t\t\tClear desk and clear screen policy<\/td>\r\n\t\t\t		The control has been moved from the access control section; however, it has not changed. <\/td>\r\n\t\t<\/tr>\r\n\t\t
A.12 Operations security<\/strong><\/td>\r\n\t\t<\/tr>\r\n\t\t
A.12.1
\r\n\t\t\tOperational procedures and responsibilities<\/td>\r\n\t\t<\/tr>\r\n\t\t
A.12.1.1
\r\n\t\t\tDocumented operating procedures<\/td>\r\n\t\t\t		A.10.1.1
\r\n\t\t\tDocumented operating procedures<\/td>\r\n\t\t\t		The control has not changed.<\/td>\r\n\t\t<\/tr>\r\n\t\t
A.12.1.2
\r\n\t\t\tChange management<\/td>\r\n\t\t\t		A.10.1.2
\r\n\t\t\tChange management<\/td>\r\n\t\t\t		The control now covers all changes in the organisation which could affect security.<\/td>\r\n\t\t<\/tr>\r\n\t\t
A.12.1.3
\r\n\t\t\tCapacity management<\/td>\r\n\t\t\t		A.10.3.1
\r\n\t\t\tCapacity management<\/td>\r\n\t\t\t		The control has not changed. <\/td>\r\n\t\t<\/tr>\r\n\t\t
A.12.1.4
\r\n\t\t\tSeparation of development, testing and operational environments<\/td>\r\n\t\t\t		A.10.1.4
\r\n\t\t\tSeparation of development, test and operational facilities<\/td>\r\n\t\t\t		The control has not changed. <\/td>\r\n\t\t<\/tr>\r\n\t\t
A.12.2
\r\n\t\t\tProtection from malware<\/td>\r\n\t\t<\/tr>\r\n\t\t
A.12.2.1
\r\n\t\t\tControls against malware<\/td>\r\n\t\t\t		A.10.4.1
\r\n\t\t\tControls against malicious code<\/td>\r\n\t\t\t		The control has not changed.<\/td>\r\n\t\t<\/tr>\r\n\t\t
A.12.3
\r\n\t\t\tBackup<\/td>\r\n\t\t<\/tr>\r\n\t\t
A.12.3.1
\r\n\t\t\tInformation backup<\/td>\r\n\t\t\t		A.10.5.1
\r\n\t\t\tInformation back-up<\/td>\r\n\t\t\t		The control has not changed. <\/td>\r\n\t\t<\/tr>\r\n\t\t
A.12.4
\r\n\t\t\tLogging and monitoring<\/td>\r\n\t\t<\/tr>\r\n\t\t
A.12.4.1
\r\n\t\t\tEvent logging<\/td>\r\n\t\t\t		A.10.10.1
\r\n\t\t\tAudit logging\r\n\t\t\t

A.10.10.2
\r\n\t\t\tMonitoring system use<\/p>\r\n\r\n\t\t\t

A.10.10.5
\r\n\t\t\tFault logging<\/p>\r\n\t\t\t<\/td>\r\n\t\t\t

The controls have been merged into one control.<\/td>\r\n\t\t<\/tr>\r\n\t\t
A.12.4.2
\r\n\t\t\tProtection of log information<\/td>\r\n\t\t\t		A.10.10.3
\r\n\t\t\tProtection of log information<\/td>\r\n\t\t\t		The control has not changed. <\/td>\r\n\t\t<\/tr>\r\n\t\t
A.12.4.3
\r\n\t\t\tAdministrator and operator logs<\/td>\r\n\t\t\t		A.10.10.4
\r\n\t\t\tAdministrator and operator logs<\/td>\r\n\t\t\t		The control has not changed.  <\/td>\r\n\t\t<\/tr>\r\n\t\t
A.12.4.4
\r\n\t\t\tClock synchronisation<\/td>\r\n\t\t\t		A.10.10.6
\r\n\t\t\tClock synchronization<\/td>\r\n\t\t\t		The control has not changed.  <\/td>\r\n\t\t<\/tr>\r\n\t\t
A.12.5
\r\n\t\t\tControl of operational software<\/td>\r\n\t\t<\/tr>\r\n\t\t
A.12.5.1
\r\n\t\t\tInstallation of software on operational systems<\/td>\r\n\t\t\t		A.12.4.1
\r\n\t\t\tControl of operational software<\/td>\r\n\t\t\t		The control has been moved from the information systems acquisition, development and maintenance section; however, it has not changed.<\/td>\r\n\t\t<\/tr>\r\n\t\t
A.12.6
\r\n\t\t\tTechnical vulnerability management<\/td>\r\n\t\t<\/tr>\r\n\t\t
A.12.6.1
\r\n\t\t\tManagement of technical vulnerabilities<\/td>\r\n\t\t\t		A.12.6.1
\r\n\t\t\tControl of technical vulnerabilities<\/td>\r\n\t\t\t		The control has been moved from the information systems acquisition, development and maintenance section; however, it has not changed.<\/td>\r\n\t\t<\/tr>\r\n\t\t
A.12.6.2
\r\n\t\t\tRestrictions on software installation<\/td>\r\n\t\t\t		 <\/td>\r\n\t\t\tThis is a new control which requires restrictions that would prevent users from installing unauthorised software.<\/td>\r\n\t\t<\/tr>\r\n\t\t
A.12.7
\r\n\t\t\tInformation systems audit considerations<\/td>\r\n\t\t<\/tr>\r\n\t\t
A.12.7.1
\r\n\t\t\tInformation systems audit controls<\/td>\r\n\t\t\t		A.15.3.1
\r\n\t\t\tInformation systems audit controls<\/td>\r\n\t\t\t		The control has been moved from the compliance section; however, it has not changed.<\/td>\r\n\t\t<\/tr>\r\n\t\t
A.13 Communications security<\/strong><\/td>\r\n\t\t<\/tr>\r\n\t\t
A.13.1
\r\n\t\t\tNetwork security management<\/td>\r\n\t\t<\/tr>\r\n\t\t
A.13.1.1
\r\n\t\t\tNetwork controls<\/td>\r\n\t\t\t		A.10.6.1
\r\n\t\t\tNetwork controls<\/td>\r\n\t\t\t		The control has not changed.<\/td>\r\n\t\t<\/tr>\r\n\t\t
A.13.1.2
\r\n\t\t\tSecurity of network services<\/td>\r\n\t\t\t		A.10.6.2
\r\n\t\t\tSecurity of network services<\/td>\r\n\t\t\t		The control has not changed. <\/td>\r\n\t\t<\/tr>\r\n\t\t
A.13.1.3
\r\n\t\t\tSegregation in networks<\/td>\r\n\t\t\t		A.11.4.5
\r\n\t\t\tSegregation in networks<\/td>\r\n\t\t\t		The control has been moved from the access control section; however, it has not changed.<\/td>\r\n\t\t<\/tr>\r\n\t\t
A.13.2
\r\n\t\t\tInformation transfer<\/td>\r\n\t\t<\/tr>\r\n\t\t
A.13.2.1
\r\n\t\t\tInformation transfer policies and procedures<\/td>\r\n\t\t\t		A.10.8.1
\r\n\t\t\tInformation exchange policies and procedures<\/td>\r\n\t\t\t		The control has not changed.<\/td>\r\n\t\t<\/tr>\r\n\t\t
A.13.2.2Agreements on information transfer<\/td>\r\n\t\t\tA.10.8.2
\r\n\t\t\tExchange agreements<\/td>\r\n\t\t\t		The control has not changed. <\/td>\r\n\t\t<\/tr>\r\n\t\t
A.13.2.3
\r\n\t\t\tElectronic messaging<\/td>\r\n\t\t\t		A.10.8.4
\r\n\t\t\tElectronic messaging<\/td>\r\n\t\t\t		The control has not changed. <\/td>\r\n\t\t<\/tr>\r\n\t\t
A.13.2.4
\r\n\t\t\tConfidentiality or nondisclosure agreements<\/td>\r\n\t\t\t		A.6.1.5
\r\n\t\t\tConfidentiality agreements<\/td>\r\n\t\t\t		The control has been moved from the organization of information security section; however, it has not changed.<\/td>\r\n\t\t<\/tr>\r\n\t\t
A.14 System acquisition, development and maintenance<\/strong><\/td>\r\n\t\t<\/tr>\r\n\t\t
A.14.1
\r\n\t\t\tSecurity requirements of information systems<\/td>\r\n\t\t<\/tr>\r\n\t\t
A.14.1.1
\r\n\t\t\tInformation security requirements analysis and specification<\/td>\r\n\t\t\t		A.12.1.1
\r\n\t\t\tSecurity requirements analysis and specification<\/td>\r\n\t\t\t		The control has not changed.<\/td>\r\n\t\t<\/tr>\r\n\t\t
A.14.1.2
\r\n\t\t\tSecuring application services on public networks<\/td>\r\n\t\t\t		A.10.9.1
\r\n\t\t\tElectronic commerce<\/td>\r\n\t\t\t		The control has been moved from the communications and operations management section and expanded to include all applications on public networks.<\/td>\r\n\t\t<\/tr>\r\n\t\t
A.14.1.3
\r\n\t\t\tProtecting application services transactions<\/td>\r\n\t\t\t		A.10.9.2
\r\n\t\t\tOn-line transactions<\/td>\r\n\t\t\t		The control has been moved from the communications and operations management section; however, it has not changed.<\/td>\r\n\t\t<\/tr>\r\n\t\t
A.14.2
\r\n\t\t\tSecurity in development and support processes<\/td>\r\n\t\t<\/tr>\r\n\t\t
A.14.2.1
\r\n\t\t\tSecure development policy<\/td>\r\n\t\t\t		 <\/td>\r\n\t\t\tThis a new control which requires a secure development policy that identifies guidelines and best practices to be followed in development practices.<\/td>\r\n\t\t<\/tr>\r\n\t\t
A.14.2.2
\r\n\t\t\tSystem change control procedures<\/td>\r\n\t\t\t		A.12.5.1
\r\n\t\t\tChange control procedures<\/td>\r\n\t\t\t		The control has not changed.<\/td>\r\n\t\t<\/tr>\r\n\t\t
A.14.2.3
\r\n\t\t\tTechnical review of applications after operating platform changes<\/td>\r\n\t\t\t		A.12.5.2
\r\n\t\t\tTechnical review of applications after operating system changes<\/td>\r\n\t\t\t		The control has not changed. <\/td>\r\n\t\t<\/tr>\r\n\t\t
A.14.2.4
\r\n\t\t\tRestrictions on changes to software packages<\/td>\r\n\t\t\t		A.12.5.3
\r\n\t\t\tRestrictions on changes to software packages<\/td>\r\n\t\t\t		The control has not changed. <\/td>\r\n\t\t<\/tr>\r\n\t\t
A.14.2.5
\r\n\t\t\tSecure system engineering principles<\/td>\r\n\t\t\t		 <\/td>\r\n\t\t\tThis is a new control which required guidelines and best practices for engineering secure systems to be defined and implemented.<\/td>\r\n\t\t<\/tr>\r\n\t\t
A.14.2.6
\r\n\t\t\tSecure development environment<\/td>\r\n\t\t\t		 <\/td>\r\n\t\t\tThis is a new control which requires the establishment of a secure development environment.<\/td>\r\n\t\t<\/tr>\r\n\t\t
A.14.2.7
\r\n\t\t\tOutsourced development<\/td>\r\n\t\t\t		A.12.5.5
\r\n\t\t\tOutsourced software development<\/td>\r\n\t\t\t		The control has not changed.<\/td>\r\n\t\t<\/tr>\r\n\t\t
A.14.2.8
\r\n\t\t\tSystem security testing<\/td>\r\n\t\t\t		 <\/td>\r\n\t\t\tThis is a new control which requires security testing to be carried on systems during development.<\/td>\r\n\t\t<\/tr>\r\n\t\t
A.14.2.9
\r\n\t\t\tSystem acceptance testing<\/td>\r\n\t\t\t		A.10.3.2
\r\n\t\t\tSystem acceptance<\/td>\r\n\t\t\t		The control has been moved from the communications and operations management section; however, it has not changed.<\/td>\r\n\t\t<\/tr>\r\n\t\t
A.14.3
\r\n\t\t\tTest data<\/td>\r\n\t\t<\/tr>\r\n\t\t
A.14.3.1
\r\n\t\t\tProtection of test data<\/td>\r\n\t\t\t		A.12.4.2
\r\n\t\t\tProtection of system test data<\/td>\r\n\t\t\t		The control has not changed.<\/td>\r\n\t\t<\/tr>\r\n\t\t
A.15 Supplier relationships<\/strong><\/td>\r\n\t\t<\/tr>\r\n\t\t
A.15.1
\r\n\t\t\tInformation security in supplier relationships<\/td>\r\n\t\t<\/tr>\r\n\t\t
A.15.1.1
\r\n\t\t\tInformation security policy for supplier relationships<\/td>\r\n\t\t\t		A.6.2.1
\r\n\t\t\tIdentification of risks related to external parties<\/td>\r\n\t\t\t		The control has not changed.<\/td>\r\n\t\t<\/tr>\r\n\t\t
A.15.1.2
\r\n\t\t\tAddressing security within supplier agreements<\/td>\r\n\t\t\t		A.6.2.3
\r\n\t\t\tAddressing security in third party agreements<\/td>\r\n\t\t\t		The control has not changed.<\/td>\r\n\t\t<\/tr>\r\n\t\t
A.15.1.3
\r\n\t\t\tInformation and communication technology supply chain<\/td>\r\n\t\t\t		 <\/td>\r\n\t\t\tThis is a new control that addresses risks associated with suppliers outsourcing some or all of the provided IT services.<\/td>\r\n\t\t<\/tr>\r\n\t\t
A.15.2
\r\n\t\t\tSupplier service delivery management<\/td>\r\n\t\t<\/tr>\r\n\t\t
A.15.2.1
\r\n\t\t\tMonitoring and review of supplier services<\/td>\r\n\t\t\t		A.10.2.2
\r\n\t\t\tMonitoring and review of third party services<\/td>\r\n\t\t\t		The control has been moved from the communications and operations management section; however, it has not changed.<\/td>\r\n\t\t<\/tr>\r\n\t\t
A.15.2.2
\r\n\t\t\tManaging changes to supplier services<\/td>\r\n\t\t\t		A.10.2.3
\r\n\t\t\tManaging changes to third party services<\/td>\r\n\t\t\t		The control has been moved from the communications and operations management section; however, it has not changed.<\/td>\r\n\t\t<\/tr>\r\n\t\t
A.16 Information security incident management<\/strong><\/td>\r\n\t\t<\/tr>\r\n\t\t
A.16.1
\r\n\t\t\tManagement of information security incidents and improvements<\/td>\r\n\t\t<\/tr>\r\n\t\t
A.16.1.1
\r\n\t\t\tResponsibilities and procedures<\/td>\r\n\t\t\t		A.13.2.1
\r\n\t\t\tResponsibilities and procedures<\/td>\r\n\t\t\t		The control has not changed.<\/td>\r\n\t\t<\/tr>\r\n\t\t
A.16.1.2
\r\n\t\t\tReporting information security events<\/td>\r\n\t\t\t		A.13.1.1
\r\n\t\t\tReporting information security events<\/td>\r\n\t\t\t		The control has not changed.<\/td>\r\n\t\t<\/tr>\r\n\t\t
A.16.1.3
\r\n\t\t\tReporting information security weaknesses<\/td>\r\n\t\t\t		A.13.1.2
\r\n\t\t\tReporting security weaknesses<\/td>\r\n\t\t\t		The control has not changed.<\/td>\r\n\t\t<\/tr>\r\n\t\t
A.16.1.4
\r\n\t\t\tAssessment of and decision on information security events<\/td>\r\n\t\t\t		 <\/td>\r\n\t\t\tThis is a new control which addresses the identification and classification of security incidents.<\/td>\r\n\t\t<\/tr>\r\n\t\t
A.16.1.5
\r\n\t\t\tResponse to information security incidents<\/td>\r\n\t\t\t		 <\/td>\r\n\t\t\tThis is a new control which requires organisations to establish and apply security incidents response procedures.<\/td>\r\n\t\t<\/tr>\r\n\t\t
A.16.1.6
\r\n\t\t\tLearning from information security incidents<\/td>\r\n\t\t\t		A.13.2.2
\r\n\t\t\tLearning from information security incidents<\/td>\r\n\t\t\t		The control has not changed.<\/td>\r\n\t\t<\/tr>\r\n\t\t
A.16.1.7
\r\n\t\t\tCollection of evidence<\/td>\r\n\t\t\t		A.13.2.3
\r\n\t\t\tCollection of evidence<\/td>\r\n\t\t\t		The control has not changed.<\/td>\r\n\t\t<\/tr>\r\n\t\t
A.17 Information security aspects of business continuity management<\/strong><\/td>\r\n\t\t<\/tr>\r\n\t\t
A.17.1
\r\n\t\t\tInformation security continuity<\/td>\r\n\t\t<\/tr>\r\n\t\t
A.17.1.1
\r\n\t\t\tPlanning information security continuity<\/td>\r\n\t\t\t		A.14.1.1
\r\n\t\t\tIncluding information security in the business continuity management process<\/td>\r\n\t\t\t		The control has not changed.<\/td>\r\n\t\t<\/tr>\r\n\t\t
A.17.1.2
\r\n\t\t\tImplementing information security continuity<\/td>\r\n\t\t\t		A.14.1.3
\r\n\t\t\tDeveloping and implementing continuity plans including information security<\/td>\r\n\t\t\t		The control has not changed.<\/td>\r\n\t\t<\/tr>\r\n\t\t
A.17.1.3
\r\n\t\t\tVerify, review and evaluate information security continuity<\/td>\r\n\t\t\t		A.14.1.5
\r\n\t\t\tTesting, maintaining and reassessing business continuity plans<\/td>\r\n\t\t\t		The control has not changed.<\/td>\r\n\t\t<\/tr>\r\n\t\t
A.17.2
\r\n\t\t\tRedundancies<\/td>\r\n\t\t<\/tr>\r\n\t\t
A.17.2.1
\r\n\t\t\tAvailability of information processing facilities<\/td>\r\n\t\t\t		 <\/td>\r\n\t\t\tThis is a new control which addresses information systems availability requirements.<\/td>\r\n\t\t<\/tr>\r\n\t\t
A.18 Compliance<\/strong><\/td>\r\n\t\t<\/tr>\r\n\t\t
A.18.1
\r\n\t\t\tCompliance with legal and contractual requirements<\/td>\r\n\t\t<\/tr>\r\n\t\t
A.18.1.1
\r\n\t\t\tIdentification of applicable legislation and contractual requirements<\/td>\r\n\t\t\t		A.15.1.1
\r\n\t\t\tIdentification of applicable legislation<\/td>\r\n\t\t\t		The control has not changed.<\/td>\r\n\t\t<\/tr>\r\n\t\t
A.18.1.2
\r\n\t\t\tIntellectual property rights<\/td>\r\n\t\t\t		A.15.1.2
\r\n\t\t\tIntellectual property rights (IPR)<\/td>\r\n\t\t\t		The control has not changed.<\/td>\r\n\t\t<\/tr>\r\n\t\t
A.18.1.3
\r\n\t\t\tProtection of records<\/td>\r\n\t\t\t		A.15.1.3
\r\n\t\t\tProtection of organizational records<\/td>\r\n\t\t\t		The control has not changed.<\/td>\r\n\t\t<\/tr>\r\n\t\t
A.18.1.4
\r\n\t\t\tPrivacy and protection of personally identifiable information<\/td>\r\n\t\t\t		A.15.1.4
\r\n\t\t\tData protection and privacy of personal information<\/td>\r\n\t\t\t		The control has not changed.<\/td>\r\n\t\t<\/tr>\r\n\t\t
A.18.1.5
\r\n\t\t\tRegulation of cryptographic controls<\/td>\r\n\t\t\t		A.15.1.6
\r\n\t\t\tRegulation of cryptographic controls<\/td>\r\n\t\t\t		The control has not changed.<\/td>\r\n\t\t<\/tr>\r\n\t\t
A.18.2
\r\n\t\t\tInformation security reviews<\/td>\r\n\t\t<\/tr>\r\n\t\t
A.18.2.1
\r\n\t\t\tIndependent review of information security<\/td>\r\n\t\t\t		A.6.1.8
\r\n\t\t\tIndependent review of information security<\/td>\r\n\t\t\t		The control has been moved from the organisation of information security section; however, it has not changed.<\/td>\r\n\t\t<\/tr>\r\n\t\t
A.18.2.2
\r\n\t\t\tCompliance with security policies and standards<\/td>\r\n\t\t\t		A.15.2.1
\r\n\t\t\tCompliance with security policies and standards<\/td>\r\n\t\t\t		The control has not changed.<\/td>\r\n\t\t<\/tr>\r\n\t\t
A.18.2.3
\r\n\t\t\tTechnical compliance review<\/td>\r\n\t\t\t		A.15.2.2
\r\n\t\t\tTechnical compliance checking<\/td>\r\n\t\t\t		The control has not changed.<\/td>\r\n\t\t<\/tr>\r\n\t<\/tbody>\r\n<\/table>\r\n\r\n

 <\/p>\r\n\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<\/div>\n\t\t","protected":false},"excerpt":{"rendered":"

A new version of the standard, ISO 27001:2013, was published on the 25th of September 2013. The new version replaces the older version, ISO 27001:2005. There will be a transition period for organisations to align their ISMS with the new standard and become certified against ISO 27001:2013. The new standard looks different from its predecessor, […]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"content-type":"","_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[1],"tags":[216,218],"class_list":["post-2864","post","type-post","status-publish","format-standard","hentry","category-researchblog","tag-compliance","tag-iso_27001","wpbf-post"],"contentshake_article_id":"","yoast_head":"\nISO 27001:2013 Transition<\/title>\n<meta name=\"description\" content=\"A new version of the standard, ISO 27001:2013, was published on the 25th of September 2013. The new version replaces the older version, ISO 27001:2005.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/dionach.com\/nl\/iso-270012013-transition\/\" \/>\n<meta property=\"og:locale\" content=\"nl_NL\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"ISO 27001:2013 Transition\" \/>\n<meta property=\"og:description\" content=\"A new version of the standard, ISO 27001:2013, was published on the 25th of September 2013. The new version replaces the older version, ISO 27001:2005.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/dionach.com\/nl\/iso-270012013-transition\/\" \/>\n<meta property=\"og:site_name\" content=\"Dionach\" \/>\n<meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/dionachcyber\" \/>\n<meta property=\"article:published_time\" content=\"2014-06-01T09:26:08+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2024-02-06T12:23:55+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/i0.wp.com\/dionach.com\/wp-content\/uploads\/2025\/02\/cropped-Dionach-vertical-col-yel-nomios-black-1.jpg?fit=512%2C512&ssl=1\" \/>\n\t<meta property=\"og:image:width\" content=\"512\" \/>\n\t<meta property=\"og:image:height\" content=\"512\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"Dionach Admin\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@dionachcyber\" \/>\n<meta name=\"twitter:site\" content=\"@dionachcyber\" \/>\n<meta name=\"twitter:label1\" content=\"Geschreven door\" \/>\n\t<meta name=\"twitter:data1\" content=\"Dionach Admin\" \/>\n\t<meta name=\"twitter:label2\" content=\"Geschatte leestijd\" \/>\n\t<meta name=\"twitter:data2\" content=\"12 minuten\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/dionach.com\\\/nl\\\/iso-270012013-transition\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/dionach.com\\\/nl\\\/iso-270012013-transition\\\/\"},\"author\":{\"name\":\"Dionach Admin\",\"@id\":\"https:\\\/\\\/dionach.com\\\/nl\\\/#\\\/schema\\\/person\\\/e73f3537233924cf4944f7807068b3c8\"},\"headline\":\"ISO 27001:2013 Transition\",\"datePublished\":\"2014-06-01T09:26:08+00:00\",\"dateModified\":\"2024-02-06T12:23:55+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/dionach.com\\\/nl\\\/iso-270012013-transition\\\/\"},\"wordCount\":2623,\"publisher\":{\"@id\":\"https:\\\/\\\/dionach.com\\\/nl\\\/#organization\"},\"keywords\":[\"compliance\",\"ISO 27001\"],\"articleSection\":[\"researchblog\"],\"inLanguage\":\"nl-NL\"},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/dionach.com\\\/nl\\\/iso-270012013-transition\\\/\",\"url\":\"https:\\\/\\\/dionach.com\\\/nl\\\/iso-270012013-transition\\\/\",\"name\":\"ISO 27001:2013 Transition\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/dionach.com\\\/nl\\\/#website\"},\"datePublished\":\"2014-06-01T09:26:08+00:00\",\"dateModified\":\"2024-02-06T12:23:55+00:00\",\"description\":\"A new version of the standard, ISO 27001:2013, was published on the 25th of September 2013. The new version replaces the older version, ISO 27001:2005.\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/dionach.com\\\/nl\\\/iso-270012013-transition\\\/#breadcrumb\"},\"inLanguage\":\"nl-NL\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/dionach.com\\\/nl\\\/iso-270012013-transition\\\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/dionach.com\\\/nl\\\/iso-270012013-transition\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/dionach.com\\\/nl\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"ISO 27001:2013 Transition\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/dionach.com\\\/nl\\\/#website\",\"url\":\"https:\\\/\\\/dionach.com\\\/nl\\\/\",\"name\":\"Dionach\",\"description\":\"Real Security in a Virtual World\",\"publisher\":{\"@id\":\"https:\\\/\\\/dionach.com\\\/nl\\\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/dionach.com\\\/nl\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"nl-NL\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/dionach.com\\\/nl\\\/#organization\",\"name\":\"Dionach\",\"url\":\"https:\\\/\\\/dionach.com\\\/nl\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"nl-NL\",\"@id\":\"https:\\\/\\\/dionach.com\\\/nl\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/www.dionach.com\\\/wp-content\\\/uploads\\\/2025\\\/02\\\/cropped-Dionach-vertical-col-yel-nomios-black-1.jpg\",\"contentUrl\":\"https:\\\/\\\/www.dionach.com\\\/wp-content\\\/uploads\\\/2025\\\/02\\\/cropped-Dionach-vertical-col-yel-nomios-black-1.jpg\",\"width\":512,\"height\":512,\"caption\":\"Dionach\"},\"image\":{\"@id\":\"https:\\\/\\\/dionach.com\\\/nl\\\/#\\\/schema\\\/logo\\\/image\\\/\"},\"sameAs\":[\"https:\\\/\\\/www.facebook.com\\\/dionachcyber\",\"https:\\\/\\\/x.com\\\/dionachcyber\",\"https:\\\/\\\/uk.linkedin.com\\\/company\\\/dionach-ltd\",\"https:\\\/\\\/www.instagram.com\\\/dionachcyber\\\/\"]},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/dionach.com\\\/nl\\\/#\\\/schema\\\/person\\\/e73f3537233924cf4944f7807068b3c8\",\"name\":\"Dionach Admin\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"nl-NL\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/3061726a64a760303f6ea8f0976d3e8e0a6997b4da543be9a650b81584b4e79e?s=96&d=mm&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/3061726a64a760303f6ea8f0976d3e8e0a6997b4da543be9a650b81584b4e79e?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/3061726a64a760303f6ea8f0976d3e8e0a6997b4da543be9a650b81584b4e79e?s=96&d=mm&r=g\",\"caption\":\"Dionach Admin\"}}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"ISO 27001:2013 Transition","description":"A new version of the standard, ISO 27001:2013, was published on the 25th of September 2013. The new version replaces the older version, ISO 27001:2005.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/dionach.com\/nl\/iso-270012013-transition\/","og_locale":"nl_NL","og_type":"article","og_title":"ISO 27001:2013 Transition","og_description":"A new version of the standard, ISO 27001:2013, was published on the 25th of September 2013. The new version replaces the older version, ISO 27001:2005.","og_url":"https:\/\/dionach.com\/nl\/iso-270012013-transition\/","og_site_name":"Dionach","article_publisher":"https:\/\/www.facebook.com\/dionachcyber","article_published_time":"2014-06-01T09:26:08+00:00","article_modified_time":"2024-02-06T12:23:55+00:00","og_image":[{"width":512,"height":512,"url":"https:\/\/i0.wp.com\/dionach.com\/wp-content\/uploads\/2025\/02\/cropped-Dionach-vertical-col-yel-nomios-black-1.jpg?fit=512%2C512&ssl=1","type":"image\/jpeg"}],"author":"Dionach Admin","twitter_card":"summary_large_image","twitter_creator":"@dionachcyber","twitter_site":"@dionachcyber","twitter_misc":{"Geschreven door":"Dionach Admin","Geschatte leestijd":"12 minuten"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/dionach.com\/nl\/iso-270012013-transition\/#article","isPartOf":{"@id":"https:\/\/dionach.com\/nl\/iso-270012013-transition\/"},"author":{"name":"Dionach Admin","@id":"https:\/\/dionach.com\/nl\/#\/schema\/person\/e73f3537233924cf4944f7807068b3c8"},"headline":"ISO 27001:2013 Transition","datePublished":"2014-06-01T09:26:08+00:00","dateModified":"2024-02-06T12:23:55+00:00","mainEntityOfPage":{"@id":"https:\/\/dionach.com\/nl\/iso-270012013-transition\/"},"wordCount":2623,"publisher":{"@id":"https:\/\/dionach.com\/nl\/#organization"},"keywords":["compliance","ISO 27001"],"articleSection":["researchblog"],"inLanguage":"nl-NL"},{"@type":"WebPage","@id":"https:\/\/dionach.com\/nl\/iso-270012013-transition\/","url":"https:\/\/dionach.com\/nl\/iso-270012013-transition\/","name":"ISO 27001:2013 Transition","isPartOf":{"@id":"https:\/\/dionach.com\/nl\/#website"},"datePublished":"2014-06-01T09:26:08+00:00","dateModified":"2024-02-06T12:23:55+00:00","description":"A new version of the standard, ISO 27001:2013, was published on the 25th of September 2013. The new version replaces the older version, ISO 27001:2005.","breadcrumb":{"@id":"https:\/\/dionach.com\/nl\/iso-270012013-transition\/#breadcrumb"},"inLanguage":"nl-NL","potentialAction":[{"@type":"ReadAction","target":["https:\/\/dionach.com\/nl\/iso-270012013-transition\/"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/dionach.com\/nl\/iso-270012013-transition\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/dionach.com\/nl\/"},{"@type":"ListItem","position":2,"name":"ISO 27001:2013 Transition"}]},{"@type":"WebSite","@id":"https:\/\/dionach.com\/nl\/#website","url":"https:\/\/dionach.com\/nl\/","name":"Dionach","description":"Real Security in a Virtual World","publisher":{"@id":"https:\/\/dionach.com\/nl\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/dionach.com\/nl\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"nl-NL"},{"@type":"Organization","@id":"https:\/\/dionach.com\/nl\/#organization","name":"Dionach","url":"https:\/\/dionach.com\/nl\/","logo":{"@type":"ImageObject","inLanguage":"nl-NL","@id":"https:\/\/dionach.com\/nl\/#\/schema\/logo\/image\/","url":"https:\/\/www.dionach.com\/wp-content\/uploads\/2025\/02\/cropped-Dionach-vertical-col-yel-nomios-black-1.jpg","contentUrl":"https:\/\/www.dionach.com\/wp-content\/uploads\/2025\/02\/cropped-Dionach-vertical-col-yel-nomios-black-1.jpg","width":512,"height":512,"caption":"Dionach"},"image":{"@id":"https:\/\/dionach.com\/nl\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/www.facebook.com\/dionachcyber","https:\/\/x.com\/dionachcyber","https:\/\/uk.linkedin.com\/company\/dionach-ltd","https:\/\/www.instagram.com\/dionachcyber\/"]},{"@type":"Person","@id":"https:\/\/dionach.com\/nl\/#\/schema\/person\/e73f3537233924cf4944f7807068b3c8","name":"Dionach Admin","image":{"@type":"ImageObject","inLanguage":"nl-NL","@id":"https:\/\/secure.gravatar.com\/avatar\/3061726a64a760303f6ea8f0976d3e8e0a6997b4da543be9a650b81584b4e79e?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/3061726a64a760303f6ea8f0976d3e8e0a6997b4da543be9a650b81584b4e79e?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/3061726a64a760303f6ea8f0976d3e8e0a6997b4da543be9a650b81584b4e79e?s=96&d=mm&r=g","caption":"Dionach Admin"}}]}},"jetpack_featured_media_url":"","jetpack_sharing_enabled":true,"jetpack_shortlink":"https:\/\/wp.me\/ph4Ojq-Kc","_links":{"self":[{"href":"https:\/\/dionach.com\/nl\/wp-json\/wp\/v2\/posts\/2864","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/dionach.com\/nl\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/dionach.com\/nl\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/dionach.com\/nl\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/dionach.com\/nl\/wp-json\/wp\/v2\/comments?post=2864"}],"version-history":[{"count":0,"href":"https:\/\/dionach.com\/nl\/wp-json\/wp\/v2\/posts\/2864\/revisions"}],"wp:attachment":[{"href":"https:\/\/dionach.com\/nl\/wp-json\/wp\/v2\/media?parent=2864"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/dionach.com\/nl\/wp-json\/wp\/v2\/categories?post=2864"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/dionach.com\/nl\/wp-json\/wp\/v2\/tags?post=2864"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}