iTeh StandardsiTeh Standards
EURUSD
Your shopping cart is empty.
ISO

ISO/IEC 27013:2021/Amd 1:2024

(Amendment)

Information security, cybersecurity and privacy protection — Guidance on the integrated implementation of ISO/IEC 27001 and ISO/IEC 20000-1 — Amendment 1

Information security, cybersecurity and privacy protection — Guidance on the integrated implementation of ISO/IEC 27001 and ISO/IEC 20000-1 — Amendment 1

Sécurité de l'information, cybersécurité et protection de la vie privée — Recommandations pour la mise en œuvre intégrée de l'ISO/IEC 27001 et de l'ISO/IEC 20000-1 — Amendement 1

General Information

Status
Published
Publication Date
09-Dec-2024
ICS
03.080.99 - Other services
03.100.70 - Management systems
35.020 - Information technology (IT) in general
35.030 - IT Security
Technical Committee
ISO/IEC JTC 1/SC 27 - Information security, cybersecurity and privacy protection
Drafting Committee
ISO/IEC JTC 1/SC 27 - Information security, cybersecurity and privacy protection
Current Stage
6060 - International Standard published
Start Date
10-Dec-2024
Due Date
10-Dec-2024
Completion Date
10-Dec-2024
Ref Project

Relations

Amends
ISO/IEC 27013:2021 - Information security, cybersecurity and privacy protection — Guidance on the integrated implementation of ISO/IEC 27001 and ISO/IEC 20000-1
Effective Date
29-Oct-2022

Buy Standard

ISO/IEC 27013:2021/Amd 1:2024 - Information security, cybersecurity and privacy protection — Guidance on the integrated implementation of ISO/IEC 27001 and ISO/IEC 20000-1 — Amendment 1 Released:12/10/2024ISO/IEC 27013:2021/Amd 1:2024 - Information security, cybersecurity and privacy protection — Guidance on the integrated implementation of ISO/IEC 27001 and ISO/IEC 20000-1 — Amendment 1 Released:12/10/2024
PreviousNext
Standard
ISO/IEC 27013:2021/Amd 1:2024 - Information security, cybersecurity and privacy protection — Guidance on the integrated implementation of ISO/IEC 27001 and ISO/IEC 20000-1 — Amendment 1 Released:12/10/2024
English language
4 pages
sale 15% off
Preview
sale 15% off
Preview

Standards Content (Sample)


International
Standard
ISO/IEC 27013
Third edition
Information security, cybersecurity
2021-11
and privacy protection — Guidance
on the integrated implementation of
AMENDMENT 1
ISO/IEC 27001 and ISO/IEC 20000-1
2024-12
AMENDMENT 1
Sécurité de l'information, cybersécurité et protection de la vie
privée — Recommandations pour la mise en œuvre intégrée de
l'ISO/IEC 27001 et de l'ISO/IEC 20000-1
AMENDEMENT 1
Reference number
ISO/IEC 27013:2021/Amd. 1:2024(en) © ISO/IEC 2024

ISO/IEC 27013:2021/Amd. 1:2024(en)
© ISO/IEC 2024
All rights reserved. Unless otherwise specified, or required in the context of its implementation, no part of this publication may
be reproduced or utilized otherwise in any form or by any means, electronic or mechanical, including photocopying, or posting on
the internet or an intranet, without prior written permission. Permission can be requested from either ISO at the address below
or ISO’s member body in the country of the requester.
ISO copyright office
CP 401 • Ch. de Blandonnet 8
CH-1214 Vernier, Geneva
Phone: +41 22 749 01 11
Email: copyright@iso.org
Website: www.iso.org
Published in Switzerland
© ISO/IEC 2024 – All rights reserved
ii
ISO/IEC 27013:2021/Amd. 1:2024(en)
Information security, cybersecurity and privacy protection —
Guidance on the integrated implementation of ISO/IEC 27001
and ISO/IEC 20000-1
AMENDMENT 1
2  Normative references
Replace reference to ISO/IEC 27001 with the following:
ISO/IEC 27001:2022, Information security, cybersecurity and privacy protection — Information security
management systems — Requirements
Also replace all references to ISO/IEC 27001:2013 throughout the text of the document with
ISO/IEC 27001:2022.
4.2  ISO/IEC 27001 concepts
nd
Replace the last sentence of the 2 paragraph with the following:
Examples of requirements relevant to interested parties include business requirements, legal and regulatory
requirements and contractual obligations.
Replace the reference to ISO/IEC 27001:2013 with ISO/IEC 27001:2022.

4.4  Similarities and differences
Replace the third paragraph with the following:
See Annex A for details of the correspondence between ISO/IEC 27001:2022, Clauses 1 to 10, and
ISO/IEC 20000-1:2018, Clauses 1 to 10. See Annex B for a comparison of terms and definitions between
ISO/IEC 27000 and ISO/IEC 20000-1.

6.2.1  Requirements and controls
Replace the entire subclause with the following:
ISO/IEC 27001:2022, Clauses 4 to 10, specifies requirements for an ISMS. In addition, ISO/IEC 27001:2022,
Annex A, contains an extensive list of controls. The controls in ISO/IEC 27001:2022, Annex A, are not
requirements and are not mandatory. ISO/IEC 27001:2022, 6.1.3, specifies that the organization defines and
applies an information security risk treatment process to determine all controls necessary to implement
information security risk treatment options chosen and then compare the necessary controls with those in
ISO/IEC 27001:2022, Annex A, and verify that no necessary controls have been omitted. The statement of
applicability (SoA) is then used to record which controls are relevant to the organization’s ISMS. The controls
listed in ISO/IEC 27001:2022, Annex A, are not exhaustive and can be substituted with others, or additional
controls can be added as needed. This means it is possible for the organization’s SoA to:
a) include only a subset of the controls in ISO/IEC 27001:2022, Annex A;

© ISO/IEC 2024 – All rights reserved
ISO/IEC 27013:2021/Amd. 1:2024(en)
b) not include any of the ISO/IEC 27001:2022, Annex A, controls;
c) include alternative controls;
d) include a combination of controls from ISO/IEC 27001:2022, Annex A, and other sources.
Any control within ISO/IEC 27001:2022, Annex A, that would not modify one or more unacceptable risks,
is unnecessary for the organization. Similarly, controls not included in ISO/IEC 27001:2022, Annex A, can
be determined as necessary to modify risk. Organizations can design controls as required or identify them
from any source.
ISO/IEC 20000-1 specifies requirements for the SMS but does not list any controls and does not specify a
requirement for a Statement of Applicability, so there is no direct correlation between ISO/IEC 27001:2022,
Annex A, and ISO/IEC 20000-1. However, ISO/IEC 20000-1:2018, 8.7.3.2, includes a requirement to determine
controls to address information security risks to the SMS and the services, and to document the decisions
about these controls. In addition, there is a requirement to monitor and review the effectiveness of these
controls, and to take action if required.
Organizations wishing to integrate an ISMS and an SMS should distinguish between the requirements
specified in ISO/IEC 27001 and ISO/IEC 20000-1, and the information security controls specified in
ISO/IEC 27001:2022, Annex A. Even if it appears that there is a common topic area between a requirement
specified in ISO/IEC 20000-1 and a control included in ISO/IEC 27001:2022, Annex A, the distinction
between requirements and controls should be understood and communicated to avoid confusion within the
organization.
6.2.2   Assets and configuration items
Replace the reference to ISO/IEC 27001:2013 with ISO/IEC 27001:2022.
Add the following as a new final paragraph to 6.2.2:
ISO/IEC 27001:2022, Annex A includes control 8.9 for "configuration management". This term is also used in
ISO/IEC 20000-1, but not in the same sense, so care should be taken to not assume any
...

Questions, Comments and Discussion

Ask us and Technical Secretary will try to provide an answer. You can facilitate discussion about the standard in here.

This May Also Interest You

ISO
ISO/IEC 27013:2021(Main)
Information security, cybersecurity and privacy protection — Guidance on the integrated implementation of ISO/IEC 27001 and ISO/IEC 20000-1

This document gives guidance on the integrated implementation of ISO/IEC 27001 and ISO/IEC 20000-1 for organizations intending to: a) implement ISO/IEC27001 when ISO/IEC 20000-1 is already implemented, or vice versa; b) implement both ISO/IEC27001 and ISO/IEC 20000-1 together; or c) integrate existing management systems based on ISO/IEC27001 and ISO/IEC 20000-1. This document focuses exclusively on the integrated implementation of an information security management system (ISMS) as specified in ISO/IEC 27001 and a service management system (SMS) as specified in ISO/IEC 20000-1.

  • Standard
    60 pages
    English language
    sale 15% off
  • Standard
    60 pages
    English language
    sale 15% off
ISO
ISO/IEC 27013:2021(Main)
Information security, cybersecurity and privacy protection — Guidance on the integrated implementation of ISO/IEC 27001 and ISO/IEC 20000-1

This document gives guidance on the integrated implementation of ISO/IEC 27001 and ISO/IEC 20000-1 for organizations intending to: a) implement ISO/IEC27001 when ISO/IEC 20000-1 is already implemented, or vice versa; b) implement both ISO/IEC27001 and ISO/IEC 20000-1 together; or c) integrate existing management systems based on ISO/IEC27001 and ISO/IEC 20000-1. This document focuses exclusively on the integrated implementation of an information security management system (ISMS) as specified in ISO/IEC 27001 and a service management system (SMS) as specified in ISO/IEC 20000-1.

  • Standard
    60 pages
    English language
    sale 15% off
  • Standard
    60 pages
    English language
    sale 15% off
ISO
ISO/TR 5863:2025(Main)
Integrative design of the building envelope — General principles

This document provides an overview of the design principles for the building envelope in order to achieve a high quality and energy efficient built environment. The design principles include: — thermal performance; — daylight and visual environment; — air quality; — provisions of natural and mechanical ventilation; — air barrier (airtightness); — watertightness; — moisture proof; — soundproofing; — sustainability and integration with technical building systems and controls. This document is applicable to new buildings and the retrofit of existing buildings.

  • Technical report
    18 pages
    English language
    sale 15% off
ISO
ISO 16823:2025(Main)
Non-destructive testing — Ultrasonic testing — Through-transmission technique

This document specifies the principles of ultrasonic through-transmission techniques. Through-transmission techniques can be used for: — detection of discontinuities; — determination of sound attenuation. The general principles required for the use of ultrasonic testing of industrial products are described in ISO 16810. The through-transmission technique is used for the testing of flat products, e.g. plates and sheets. Further, it can be used for tests, for example: — where the shape, dimensions or orientation of possible discontinuities are unfavourable for direct reflection; — of materials with high sound attenuation; — on thin test objects.

  • Standard
    12 pages
    English language
    sale 15% off
ISO
ISO 16122-1:2024(Main)
Agricultural and forestry machinery — Inspection of sprayers in use — Part 1: General

This document defines the general requirements to be fulfilled for the inspection of all types of sprayers for plant protection products used in agriculture, horticulture, forestry and other areas, except knapsack sprayers. NOTE For knapsack sprayers, see ISO/FDIS 19932–3:—. The specific requirements for the different types of sprayers are defined in the relevant specific parts of the ISO 16122 series. When used in conjunction with the relevant sprayer specific part (see Annex A), this document specifies the requirements and test methods for the inspection of sprayers in use. The requirements relate mainly to the condition of the sprayer with respect to potential risks for the environment and its performance to achieve a good application. This document also includes minimum requirements for the preparation of the sprayer for the inspection and the minimum safety requirements with respect to the safety of the inspector (test operator) during the inspection.

  • Standard
    8 pages
    English language
    sale 15% off
  • Standard
    9 pages
    French language
    sale 15% off
ISO
ISO/TR 5914:2024(Main)
Railway applications — Rolling stock — Interior passive safety

This document reports worldwide best practice to minimize the risk of death and injury to occupants of rail vehicles in the event of a collision or derailment. This document investigates recent interior designs for passenger areas in heavy rail vehicles (e.g. coaches, fixed units, trainsets), including refurbished interiors.

  • Technical report
    62 pages
    English language
    sale 15% off
ISO
ISO/IEC 15415:2024(Main)
Automatic identification and data capture techniques — Bar code symbol print quality test specification — Two-dimensional symbols

This document — specifies two methodologies for the measurement of specific attributes of two-dimensional bar code symbols – one of which applies to multi-row bar code symbologies and the other to two-dimensional matrix symbologies; — specifies methods for evaluating and grading these measurements and deriving an overall assessment of symbol quality; — gives information on possible causes of deviation from optimum grades to assist users in taking appropriate corrective action. This document applies to two-dimensional symbologies for which a reference decode algorithm has been defined, however the methodologies in this document can be applied partially or wholly to other similar symbologies. NOTE While this document can be applied to direct part marks, better correlation between measurement results and scanning performance can be obtained with ISO/IEC 29158 in combination with this document.

  • Standard
    46 pages
    English language
    sale 15% off
ISO
ISO 209:2024(Main)
Wrought aluminium and aluminium alloys — Chemical composition

This document specifies the chemical composition limits of wrought products and ingots intended to be wrought in aluminium and aluminium alloys.

  • Standard
    20 pages
    English language
    sale 15% off
  • Standard
    17 pages
    French language
    sale 15% off
ISO
ISO 4379:2024(Main)
Plain bearings — Copper alloy bushes — Dimensions and tolerances

This document specifies dimensions and tolerances for cylindrical and flanged bushes with inside diameter, d1, in the range 6 mm to 200 mm. This document applies to solid mono-metal copper alloy bushes to be used as plain bearings with and without oil holes and oil grooves.

  • Standard
    8 pages
    English language
    sale 15% off
ISO
ISO 23675:2024(Main)
Cosmetics — Sun protection test methods — In vitro determination of sun protection factor (SPF)

This document specifies a method for the in vitro determination of sun protection factor (SPF). This method is applicable to sunscreen products in form of an emulsion or alcoholic one-phase formulation, excluding in form of a loose or compressed powder or stick. Specifications are given to enable determination of the spectral absorbance characteristics of SPF protection in a reproducible manner. Use of this method is strictly for the determination of a static sun protection factor. It is not applicable for the determination of water-resistance properties of a sun protection product.

  • Standard
    44 pages
    English language
    sale 15% off
  • Standard
    45 pages
    French language
    sale 15% off