Welcome to 27k1’s first newsletter, sent to our ISO 27001 consulting community. We hope you like the style and content and welcome any feedback, which you can send via the web site.
We are pleased to announce that the 27k1 team is being supported by David Lilburn Watson. David has been working in the information security, cyber security and cyber forensics sectors for over 30 years, gaining experience in military, commercial and public sector environments. As Technical Advisor, David will assist us by ensuring that the system takes the correct approach to the new ISO 27001 standard, as well as ensuring that the addition of NIST controls is also accurately deployed. You can read the full article using this link: https://27k1.com/22-02-2020-company-announcement-27k1-ltd-appoints-david-lilburn-watson-as-technical-advisor
System Development Plans – 27k1 ISMS Version 4
We are pleased that the Notifications feature has now progressed through the feasibility stage; notifications will be introduced in Version 4.
2. ISO 27001 – The 97 New Controls
We are advised that there will be major changes to the existing ISO 27001 standard:
The 14 control domains of the current Annex A will be regrouped into 4 main themes, and the controls are set to be rationalised from 114 to 97. This will be achieved by updating old controls, merging duplicates, retiring some controls and adding new ones, as follows:
- Organisational Controls (39) – formerly Policy; Organisation of Information Security; Asset Management; Supplier Relationships; Incident Management; Business Continuity and Compliance, plus 4 new controls
- People Controls (7) – formerly Human Resources Security
- Physical Controls (14) – formerly Physical and Environmental Security, plus 1 new control
- Technological Controls (37) – formerly Operations Security; Communications Security; Access Control; Cryptographic Controls and Development Security, plus 9 new controls
ISO 27002 Revision – the 14 New Controls
1. Threat Intelligence
2. Information security for cloud services
3. ICT continuity planning
4. Digital rights management
5. Physical security monitoring
6. Configuration management
7. Information deletion
8. Data masking
9. Data leakage prevention
10. Monitoring activities
11. Vulnerability disclosure & handling in delivering ICT products & services
12. Web filtering
13. Data integrity protection
14. Secure coding principles
The framework supporting the new controls and clauses will be introduced in Version 4, in readiness for these to be added when the standard is ratified. Transitioning from ISO 27001:2013 to the new version is planned to be a seamless procedure, with only a few clicks needed to activate the new version. We highly recommend that end-customers move their ISO 27001:2013 ISMS from spreadsheets to the 27k1 ISMS now, so that they are ready to transition to the new version without having to implement new spreadsheet toolkits.
In recent weeks, we have received web site enquiries from Information Security consultancies located in the USA, Europe and South Africa. Indeed, we were surprised to receive an enquiry from New Caledonia, which we had to look up on a map!
Global businesses are impacted by the same cyber security threats that we experience here in the UK, and internationally based ISO 27001 consultants are keen to use the 27k1 ISMS. In February we signed a Consultant Reseller agreement with CVG Strategy, based in Florida, US, and in early March we signed a Consultant Reseller agreement with Ntrust Advisory, who operate from offices in Cape Town and Johannesburg, SA. Read about CVG Strategy here: https://27k1.com/cvg-strategy-llc-opens-the-us-market-for-the-27k1-isms . Similarly, the Ntrust Advisory news is at: https://27k1.com/ntrust-advisory-becomes-the-first-south-african-reseller-of-the-27k1-isms
ISO 27001 Consultant’s Forum – April Launch
Next month we will launch the UK’s first forum dedicated to serving the interests of ISO 27001 consultants. The forum will enable its members to meet online, share their views in public or in private, collaborate on opportunities and exchange ideas for bringing ISO 27001 to the SME sector.