ISO27k-aligned security awareness service
ISO/IEC TR 27023
Creative security awareness materials

Creative security awareness materials for your ISMS

Copyright © 2017 IsecT Ltd.

ISO/IEC TR 27023:2015 Information technology — Security techniques — Mapping the Revised Editions of ISO/IEC 27001 and ISO/IEC 27002

Introduction

Originally prepared as a committee document for internal use by the members of ISO/IEC JTC 1/SC 27 (‘Standing Document 3’), it was decided to publish this freely as a Technical Report.

Scope

The document maps or compares the latest 2013 editions of ISO/IEC 2700 and ISO/IEC 27002 against the prior editions, indicating where the original sections have ended up.

Purpose and justification

Given the substantial ‘installed base’ of organizations using the previous versions of the main ISO27k standards, this TR is meant to help them transition to the new versions.

Status of the standard

The donor document was made available to SC 27 in October 2013 and was eventually published in July 2015 at a price of 118 Swiss Francs from ISO - too late and too expensive for many of the organizations that needed it.

Personal comments

Both standards were substantially revised for the 2013 release, hence it is confusing to compare the previous and latest versions. While the TR maps out (in 3 tables) where clauses from the earlier versions ended up in the 2013 versions, it does not explain or justify the changes.

Given the ridiculous amount of time needed for ISO/IEC to agree and publish a simple table, the whole exercise was rather pointless. By the time it finally hit the streets, this was very old news.

[SC 27 has learned the lesson: it is planned to incorporate a mapping into the next version of ISO/IEC 27002.]

 

By the way, the BSI’s FREE transition guide is excellent.