7/25/2019 ISO - ISO IEC 27001 2013 Cor 2 2015
1/2
INTERNATIONAL STANDARD ISO/IEC 27001:2013TECHNICAL CORRIGENDUM 2
Published 2015-12-01
INTERNATIONAL ORGANIZATION FOR STANDARDIZATION ORGANISATION INTERNATIONALE DE NORMALISATION
INTERNATIONAL ELECTROTECHNICAL COMMISSION COMMISSION LECTROTECHNIQUE INTERNATIONALE
Information technology Security techniques Informationsecurity management systems Requirements
TECHNICAL CORRIGENDUM 2
Technologies de l'information Techniques de scurit Systmes de management de la scurit del'information Exigences
RECTIFICATIF TECHNIQUE 2
Technical Corrigendum 1 to ISO/IEC 27001:2013 was prepared by Joint Technical Committee ISO/IECJTC 1, Information technology, Subcommittee SC 27, IT Security techniques
ICS 35.040 Ref. No. ISO/IEC 27001:2013/Cor.2:2015(E)
ISO/IEC 2015 All rights reserved
Published in Switzerland
7/25/2019 ISO - ISO IEC 27001 2013 Cor 2 2015
2/2
ISO/IEC 27001:2013/Cor.2:2015(E)
2 ISO/IEC 2015 All rights reserved
Page 4, Subclause 6.1.3
Replace
Control
d) produce a Statement of Applicability that contains the necessary controls (see 6.1.3 b) and c)) andjustification for inclusions, whether they are implemented or not, and the justification for exclusions ofcontrols from Annex A;
with
Control
d) produce a Statement of Applicability that contains: the necessary controls (see 6.1.3 b) and c));
justification for their inclusion;
whether the necessary controls are implemented or not; and
the justification for excluding any of the Annex A controls.