Versions Compared

Comment: Roadmap Item moved to Published status & Published and Effective dates added

...


Description

A change to ensure continued Supplier certification to the current version of the ISO/IEC 27001 standard.

Date Added

Standards and Capabilities

Information Governance, Business Continuity and Disaster Recovery, Hosting & Infrastructure

Change Route

Managed Capacity - Other

Change Type

Uplift

Status

Published (previously Draft)

Publication Date

TBC

Effective Date

TBC

Incentives / Funding

No

Incentive / Funding Dates

N/A

...

Applicable Framework(s)

Req. ID

Standard

Name

Description

Level

Evidence

All

ES4.0

ISO 27001 - IT Security Management Systems

ISO/IEC 27001

ISO/IEC 27001 specifies the requirements for establishing, implementing, maintaining and continually improving an information security management system within the context of the organisation. It also includes requirements for the assessment and treatment of information security risks tailored to the needs of the organisation.

The requirements set out in ISO/IEC 27001 are generic and are intended to be applicable to all organisations, regardless of type, size or nature.

Note: This requirement is only applicable to Suppliers whose Solution is hosted by a non-pre-accredited third party.

SHOULD

MUST

ISO/IEC 27001 Accreditation
A valid ISO 27001 Certificate is required from a UKAS-registered accreditation organisation or, in exceptional circumstances, from an IAF-registered accreditation organisation.

Full Specification

...

Assurance Approach

Suppliers to provide updated TMs for review by the Compliance SMEs for the applicable Standards.