

ISO 27001:2013

ISO 27001:2013 Is An Information Security Standard That Was Published On 25 September 2013 And Replaces The ISO 27001:2005 Version.


Basic Changes To New Standard:


*Revised Scope Statement - Connect How Enterprise Risk Is Linked To Information Risk And Then Describe How Your Scope Addresses The Enterprise Risk.

*Enterprise Risk Mapping - The Standard Demands That You Provide A Link Between Your Enterprise Risks And Information Risks. You Must Do An Enterprise Risk Mapping If You Don't Have One. This Is An Exercise With The CEO. Enterprise Risk Assessment Takes Time And Expertise.

*Focused Risk Assessment - Define A More Structured Risk Assessment Approach That Quantifies Information Risks. Apply The Risk Assessment Methodology To Your Organisation's Assets. Perform The Risk Assessment.

*Gap Analysis/Risk Assessment On The Newly Added Controls. There Are 14 Domains, 35 Control Objectives And 112 Detail Controls. Identify The Newly Added Ones And Identify The Additional Ones That Are Applicable.

*Define Measurements, Implement And Measure The Newly Implemented Controls. Implement The Associated People, Process And Technology Controls. This Will Take Time. The New Standard Needs A Measurement Framework On Which You Can Benchmark Your Existing ISMS Performance.

*Improve And Align Your Statement Of Applicability (SOA) To The New SOA. This Requires Alignment With 14 Domains, 35 Control Objectives And 112 Detail Controls.

*Document Your ISMS Manual - Management Framework & Control Framework.


Information Security Controls Domains - As Per New Standard

A.5: Information Security Policies

A.6: How Information Security Is Organised

A.7: Human Resources Security - Controls That Are Applied Before, During, Or After Employment.

A.8: Asset Management

A.9: Access Controls And Managing User Access

A.10: Cryptographic Technology

A.11: Physical Security Of The Organisation's Sites And Equipment

A.12: Operational Security

A.13: Secure Communications And Data Transfer

A.14: Secure Acquisition, Development, And Support Of Information Systems

A.15: Security For Suppliers And Third Parties

A.16: Incident Management

A.17: Business Continuity/Disaster Recovery (To The Extent That It Affects Information Security)

A.18: Compliance - With Internal Requirements, Such As Policies, And With External Requirements, Such As Laws.

Information Security Controls - As Per New Standard

· A.6.1.5 Information security in project management

· A.12.6.2 Restrictions on software installation

· A.14.2.1 Secure development policy

· A.14.2.5 Secure system engineering principles

· A.14.2.6 Secure development environment

· A.14.2.8 System security testing

· A.15.1.1 Information security policy for supplier relationships

· A.15.1.3 Information and communication technology supply chain

· A.16.1.4 Assessment of and decision on information security events

· A.16.1.5 Response to information security incidents

· A.17.2.1 Availability of information processing facilities


To subscribe to a copy of the Standard, visit the link below of the ISO Organization:




Copyright © 2020 | www.ursindia.com | All rights reserved.