Transitioning to ISO 27001:2013 – An Interview with Alan Calder

By ISBuzz Team, Writer, Information Security Buzz | Jul 16, 2014 05:04 pm PST

With the release of ISO 27001:2013 last October, organizations that are already certified to the 2005 version of the ISO 27001 Information Security Standard will be looking to transition to the new 2013 version over the next 12 months. The updated Standard contains changes that will affect the way you maintain your Information Security Management System (ISMS). Alan Calder, a globally recognized expert in information security and ISO 27001, is holding an online training course on July 30, 2014, which aims to help delegates successfully transition their organization to the updated version of the Standard.

Information Security Buzz got in touch with Alan, who is also the Founder and Executive Chairman of cyber security firm IT Governance, to answer a few burning questions on transitioning your existing ISMS. We are delighted to share what Alan told us in this exclusive interview:

Hi, Alan. First, thanks for taking time out to speak to us. We appreciate that information security and cyber security are becoming ever more important to businesses. What role does ISO 27001 play?

ISO 27001 is the internationally recognized information security Standard that describes best practice for an Information Security Management System (ISMS). The Standard sets out specific requirements, all of which must be followed, against which an organization’s ISMS can be audited and certified. ISO 27001 is recognized by businesses and clients worldwide, thereby providing confidence in how you manage risk.

And why do you feel the need for a transition course?

ISO 27001:2005 will become obsolete in the next 12 months. Organizations that have achieved certification to the 2005 version of the Standard will therefore be looking to transition to the 2013 version in order to keep their ISO 27001 certification.

The transition course addresses the need to answer our customers’ questions about the changes made to the Standard and give them the knowledge to update their certificate successfully.

This particular course is in online format – how does that work?

When delegates book a place with us, they’ll be given details of how to log in via WebEx, a piece of webinar software that is easily downloadable to any computer. Delegates can log in with either their headset or phone, after which they will be able to see slides and hear me go through the course. The beauty of this format is that it is live and fully interactive, meaning delegates can ask questions and really get to understand the updated version of the Standard from their home or office.

Currently, IT Governance only offers classroom-based training in the UK, so this is a great way for delegates worldwide to attend such a high-profile training course.

How would you say this is different from attending a webinar on the subject?

Webinars only tend to give people an introduction to the subject area. This online course is a lot more: not only do you receive the same information as you would on one of our classroom courses, you will also receive a number of complementary eBooks, including An Introduction to Information Security and ISO 27001:2013 and ISO 27001/ISO 27002: A Pocket Guide. Delegates can also sit the accredited IBITGQ exam at the end of the course, which will enable them to upgrade any existing ISO 27001 Lead Implementer or Lead Auditor certificates to the 2013 version of the Standard.

What is your background in information security?

I have always had an interest in information and how it is handled, right from the start of my career. Back in 1996, my colleague and fellow Director at IT Governance Steve Watkins and I were responsible for BLLCP becoming the first company to achieve ISO 27001 (then known as BS 7799) certification when the Standard was first promulgated. Since then my colleagues and I have helped hundreds of organizations to implement effective information security management systems, and have been involved in the development of both the accredited certification scheme and related training standards.

The ISO 27001:2013 Certified ISMS Transition Live Online Training Course will be held on July 30, 2014 at 9 am EST. Book your place today.

About IT Governance

IT Governance is dedicated to engaging with boards and business executives of both public and private sector organisations so that they are better able to properly manage their information technology strategies to achieve strategic goals, protect and secure their intellectual capital and the company’s whole market value, and meet relevant corporate governance and regulatory compliance objectives.