Difference – ISO 27001:2005 and ISO 27001:2013 – Part 2 – Context

This post is in continuation to my previous post about the differences between ISO 27001:2005 and ISO 27001:2013. You can check it out here. My quick and dirty analysis of the differences can be found here.

’Tis all a matter of context. One of the most prominent differences between the old standard (ISO 27001:2005) and the new standard (ISO 27001:2013) is the presence of ‘context’ in the new one. This context forces the implementor to focus on the question ‘Why are we doing this?’. In the old standard, one could not question the reason for doing an ISMS. We had to take it as a matter of faith and go straight to the task of defining the scope and the boundaries of the ISMS.


ISO 27001-2013. What’s Different – Part 1

When the ISO 27001:2013 was released, I did a quick write-up about it here. Now that I have had some time to spend with the standard (get to know it better!), I am writing a more detailed comparison. This comparison will follow the same pattern as the one I did for BS 25999 vs. ISO 22301. You can read about it starting from here.


The case of the missing PDCA cycle

“My dear Watson!” exclaimed Holmes. “You are no doubt wondering about how they work in Japan.” I looked up in surprise. I was indeed pondering about the work culture in Japan.

“Have you started performing black magic, then, Holmes? There can be no other explanation for this,” I spake with wide eyes. “How can you even know what I am thinking?”

“Elementary! I have been observing you for the past ten minutes. You started reading the new ISO 27001:2013. A few minutes later, your eyes widened. You left your seat, went to the shelf and retrieved the ISO 27001:2005.”

“And how can that possibly tell you that I am thinking about Japanese work culture?”


The new ISO 27001

So, the new ISO 27001 is here. After 8 years, the entire ISMS approach has been revamped. The newer version of ISO 27001, a.k.a. ISO 27001:2013, is a much slimmer document. There is no introduction to the process approach and – surprise, surprise – no diagram of the Deming cycle. No beating around the bush for […]