7/25/2019 ISO - ISO IEC 27001 2013 Cor 2 2015

1/2

INTERNATIONAL STANDARD ISO/IEC 27001:2013TECHNICAL CORRIGENDUM 2

Published 2015-12-01

INTERNATIONAL ORGANIZATION FOR STANDARDIZATION ORGANISATION INTERNATIONALE DE NORMALISATION

INTERNATIONAL ELECTROTECHNICAL COMMISSION COMMISSION LECTROTECHNIQUE INTERNATIONALE

Information technology Security techniques Informationsecurity management systems Requirements

TECHNICAL CORRIGENDUM 2

Technologies de l'information Techniques de scurit Systmes de management de la scurit del'information Exigences

RECTIFICATIF TECHNIQUE 2

Technical Corrigendum 1 to ISO/IEC 27001:2013 was prepared by Joint Technical Committee ISO/IECJTC 1, Information technology, Subcommittee SC 27, IT Security techniques

ICS 35.040 Ref. No. ISO/IEC 27001:2013/Cor.2:2015(E)

ISO/IEC 2015 All rights reserved

Published in Switzerland

7/25/2019 ISO - ISO IEC 27001 2013 Cor 2 2015

2/2

ISO/IEC 27001:2013/Cor.2:2015(E)

2 ISO/IEC 2015 All rights reserved

Page 4, Subclause 6.1.3

Replace

Control

d) produce a Statement of Applicability that contains the necessary controls (see 6.1.3 b) and c)) andjustification for inclusions, whether they are implemented or not, and the justification for exclusions ofcontrols from Annex A;

with

Control

d) produce a Statement of Applicability that contains: the necessary controls (see 6.1.3 b) and c));

justification for their inclusion;

whether the necessary controls are implemented or not; and

the justification for excluding any of the Annex A controls.