Friday, July 20, 2007

ISO 27002 renaming - the real scoop

OK, so there has been discussion lately about the renaming of ISO 17799 to ISO 27002, and what the changes have really meant.

The only change is the addition of a Technical Corrigendum to the original ISO 17799:2005 document.

While ISO doesn't charge for the Technical Corrigendum, they will sell the original ISO 17799:2005 as ISO 27002:2007.

Why? The answer may be frustrating to some of you, but here it is:

ISO will not change the actual body of the document until it undergoes the scheduled review cycle, which begins in 2008. A Technical Corrigendum usually means that changes to a document are made to correct a blatant wording or technical problem. Sometimes they are used as a means to update a document outside the review cycle, but this is done rarely.

Is this deceptive? It is certainly not meant to be so. This is just another example of how bureaucracy works, and ISO has very structured rules on how things are accomplished.

If you have ordered ISO 27002:2007 thinking that you were getting an entirely new document, and you already own ISO 17799:2005, I would encourage you to contact them for a refund.

Another alternative, by the way, is to look to National Bodies such as ANSI to see what their pricing is on their electronic stores. There are multiple delivery mechanisms out there to purchase these standards.

Don't look for the actual document to be changed to reflect ISO 27002 until well after 2008, when the review cycle is done.

Oh - and for those of you who haven't seen why the changeover occurred, it is to bring the standards into alignment with the 27000 series of standards.

If you have any questions or comments, please feel free to let me know.

Scott