Recently I went to a forum about ISO/IEC 27001. At the end of the forum what caught my attention was the changes on the new version draft, where the main approach is to standardise all ISO normalisation documents to SL Annex, here is a list of the mail changes:
- Definitions is gone from ISO/IEC 27001, now ISO/IEC 27000 definitions apply.
- PDCA model removed, continuous improvement is inherent.
- +28 new mandatory requirements for a total of 130.
- Inclusion of new sections.
- Implementation order is irrelevant, what matter is get compliant.
- Riskowner is the new role for risk assessment process.
- -19 controls on Annex A, going from 133 in version 2005 to 114 in new draft.
There a couple more changes but I think this are the most relevant.