iT邦幫忙
ISO 27001:2013 vs ISO 27001:2005 Differences Comparison Series, Part 7

ISO 27001:2013 vs ISO 27001:2005 Differences Comparison #7

ISO 27001:2013 vs ISO 27001:2005 Differences Comparison #4 explained that the new ISO 27001/27002 adds 12 new controls; this series explains and discusses them one by one:
A.6.1.5 Information security in project management
Control
Information security should be addressed in project management, regardless of the type of the project.
Implementation guidance
Information security should be integrated into the organization’s project management method(s) to ensure that information security risks are identified and addressed as part of a project. This applies generally to any project regardless of its character, e.g. a project for a core business process, IT, facility management and other supporting processes. The project management methods in use should require that:
a) information security objectives are included in project objectives;
b) an information security risk assessment is conducted at an early stage of the project to identify necessary controls;
c) information security is part of all phases of the applied project methodology.
Information security implications should be addressed and reviewed regularly in all projects. Responsibilities for information security should be defined and allocated to specified roles defined in the project management methods.

The new ISO 27001/27002 emphasizes that, in addition to attending to information security in day-to-day activities, information security risks must also be taken into consideration whenever project activities take place. In particular, a risk assessment must be carried out at project initiation, and information security must be incorporated into every phase of project implementation.
