ISO/IEC TR 27023 – Gap analysis help for ISO/IEC 27001 and ISO/IEC 27002

ISO/IEC TR 27023, “Information technology – Security techniques – Mapping the revised editions of ISO/IEC 27001 and ISO/IEC 27002,” has just been released.  It contains a group of three tables that will help you “map” where the requirements of the older edition of each standard have moved in the newer one.  While it’s not a complete redline for the two standards, it does let you track where specific requirements or controls are now located.

The three tables in the 26-page ISO/IEC TR 27023 cover the following documents, editions and directions:

  • ISO/IEC 27001 2nd Edition (2013) to ISO/IEC 27001 1st Edition (2005)
  • ISO/IEC 27002 2nd Edition (2005) to ISO/IEC 27002 3rd Edition (2013)
  • ISO/IEC 27002 3rd Edition (2013) to ISO/IEC 27002 2nd Edition (2005)

Why is the ISO/IEC TR 27023 helpful?  It provides a factual correspondence between the old and new revisions of ISO/IEC 27001 and ISO/IEC 27002 respectively.  This will be the starting point for your analysis of the changes introduced by the newer editions of each standard.  Just remember:  The Technical Report does not provide any further information on content changes or on the rationale or impact of those changes.  You’ll have to evaluate the effect the new requirements will have on your product or service independently of this report.

The committee has made the following note:  “For ISO/IEC 27002, the comparison was based on control objectives, controls, and implementation guidance.”

Who should use the ISO/IEC TR 27023?  Folks who have implemented the 2005 Editions of one or both of the “target” standards will find this useful when migrating to the 2013 Edition requirements.

What other information is in the ISO/IEC TR 27023?  Other than the usual introductory material, the scope, the referenced documents and the definitions sections, the technical report consists solely of the three comparison tables.

How can I get a copy of the ISO/IEC TR 27023?  Since all ISO/IEC publications are covered by the laws of copyright, you’ll want to purchase your copies from an authorized distributor like Document Center Inc.  You can order your standards online at the Document Center Inc. webstore, www.document-center.com.  Here is a direct link to the order page for ISO/IEC TR 27023.  It’s available in paper format, for pdf download, or as part of our Standards Online multi-user subscription service.  Want to know more?  Contact our staff by phone (650-591-7600), fax (650-591-7617) or email (info@document-center.com).  We’ve been providing standards to folks like you since 1982.  Make us your Standards Experts!