ISO/IEC TR 27023:2015 — Information technology — Security techniques — Mapping the Revised Editions of ISO/IEC 27001 and ISO/IEC 27002
Originally prepared as a committee document for internal use by the members of ISO/IEC JTC 1/SC 27 (‘Standing Document 3’), it was decided to publish this freely as a Technical Report.
The document maps or compares the latest 2013 editions of ISO/IEC 2700 and ISO/IEC 27002 against the prior editions, indicating where the original sections have ended up.
Purpose and justification
Given the substantial ‘installed base’ of organizations using the previous versions of the main ISO27k standards, this TR is meant to help them transition to the new versions.
Status of the standard
The donor document was made available to SC 27 in October 2013 and was eventually published in July 2015 at a price of 118 Swiss Francs from ISO - too late and too expensive for many of the organizations that needed it.
Both standards were substantially revised for the 2013 release, hence it is confusing to compare the previous and latest versions. While the TR maps out (in 3 tables) where clauses from the earlier versions ended up in the 2013 versions, it does not explain or justify the changes.
Given the ridiculous amount of time needed for ISO/IEC to agree and publish a simple table, the whole exercise was rather pointless. By the time it finally hit the streets, this was very old news.
[SC 27 has learned the lesson: it is planned to incorporate a mapping into the next version of ISO/IEC 27002.]
By the way, the BSI’s FREE transition guide is excellent.