accreditation, audit, regulation, business


Congratulations to Whitepath Fab Tech, Inc who have achieved registration to ISO 9001:2008 with ISOQAR Inc
Based in Blue Ridge, GA, with two other sites in Ellijay, GA and one in Saltillo, Mexico, Whitepath Fab Tech manufacture a variety of electrical components for industrial machinery.
You can find out more about them at their website,
Whitepath Fab Tech

ISO 27001:2013 Published

ISO 27001:2013 is an information security standard that was published on the 1st October 2013. It cancels and replaces ISO 27001:2005, and is published by the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC). It is a specification for an information security management system (ISMS). 

Structure of the standard

The official title of the standard is "Information technology — Security techniques — Information security management systems — Requirements".
ISO 27001:2013 has ten short clauses, plus a long annex, which cover:
1. Scope of the standard
2. How the document is referenced
3. Reuse of the terms and definitions in ISO/IEC 27000
4. Organizational context and stakeholders
5. Information security leadership and high-level support for policy
6. Planning an information security management system; risk assessment; risk treatment
7. Supporting an information security management system
8. Making an information security management system operational
9. Reviewing the system's performance
10. Corrective action
Annex A: List of controls and their objectives.
The structure of ISO 27001:2013 is based on Annex SL. Since April 2012 all new and revised management system standards must conform to new rules regarding the structure and content of management system standards. These rules are documented in Annex SL, Appendix 3 to the ISO/IEC Directives, Part 1 — Consolidated ISO Supplement, referred to as Annex SL for short. In essence, Annex SL specifies the high level structure, identical core text, common terms and core definitions that form the nucleus of future and revised ISO management system requirements standards. The concept is that some requirements, e.g. management review, are common. This structure mirrors the structure of other new management standards such as ISO 22301 (business continuity management); this helps organizations who aim to comply with multiple standards, to improve their IT from different perspectives. Annexes B and C of 27001:2005 have been removed.

Changes from the 2005 Standard

The new standard puts more emphasis on measuring and evaluating how well an organization's ISMS is performing, and there is a new section on outsourcing, which reflects the fact that many organizations rely on third parties to provide some aspects of IT.  It does not emphasise the Plan-Do-Check-Act cycle that 27001:2005 did.  More attention is paid to the organizational context of information security, and risk assessment has changed.  Overall, 27001:2013 is designed to fit better alongside other management standards such as ISO 9000 and ISO 20000, and it has more in common with them. 
New controls:
A.6.1.5 Information security in project management
A.12.6.2 Restrictions on software installation
A.14.2.1 Secure development policy
A.14.2.5 Secure system engineering principles
A.14.2.6 Secure development environment
A.14.2.8 System security testing
A.15.1.1 Information security policy for supplier relationships
A.15.1.3 Information and communication technology supply chain
A.16.1.4 Assessment of and decision on information security events
A.16.1.5 Response to information security incidents
A.17.2.1 Availability of information processing facilities


Clause 6.1.3 describes how an organization can respond to risks with a risk treatment plan; an important part of this is choosing appropriate controls. These controls, and control objectives, are listed in Annex A, although it is also possible in principle for organizations to pick other controls elsewhere. There are now 114 controls in 14 groups; the old standard had 133 controls in 11 groups.[10]
A.5: Information security policies
A.6: Organization of information security
A.7: Human resource security (controls that are applied before, during, or after employment)
A.8: Asset management
A.9: Access control
A.10: Cryptography
A.11: Physical and environmental security
A.12: Operations security
A.13: Communications security
A.14: System acquisition, development and maintenance
A.15: Supplier relationships
A.16: Information security incident management
A.17: Information security aspects of business continuity management
A.18: Compliance (with internal requirements, such as policies, and with external requirements, such as laws)
The new and updated controls reflect changes to technology affecting many organizations - for instance, the Cloud.[11]

Transition for Applicant and Certified Organizations

The ANAB have issued a Heads Up regarding the timelines for existing clients to transition to the new version. The wording below is taken directly from this Heads Up.

Organizations Certified Within the Scheme Before 2013/10/01
Audits and re-certifications of organizations already certified using ISO/IEC 27001:2005 will be permitted for the 24 months following publication of the standard to allow organizations time to adapt to meet the new requirements.
After 2015/10/01, only audits and re-certifications using the ISO/IEC 27001:2013 will be accepted. 

New Applications for ISO 27001 Certification Received After 2013/10/01
Audits and certifications of newly certified organizations will be permitted using ISO/IEC 27001:2005 until 2014/10/01. After 2014/10/01, only audits and certifications using ISO/IEC 27001:2013 will be accepted.

For further information, contact ISOQAR Inc at or 866 947 6727  

Congratulations to ST Electronics, Inc who have achieved registration to AS9120A with ISOQAR Inc
Based in St Petersburg, FL, ST Electronics are a stockist and distributor of electronic components 
You can find out more about them at their website,
ST Electronics

Congratulations to Litron, Inc who have achieved registration to ISO 13485:2003 with ISOQAR Inc
Based in Agawam, MA, Litron provide laser based manufacturing and welding services for medical devices 
You can find out more about them at their website,

Congratulations to Tech R2 who have achieved registration to ISO 27001:2005 with ISOQAR Inc
Based in Reynoldsburg, OH, Tech R2 provide e-waste management solutions and on-site data destruction
You can find out more about them at their website,