In "ISO 27001:2013 vs. ISO 27001:2005 Differences Compared #4" it was noted that the new ISO 27001/27002 adds 12 new controls. Each will be explained and shared in turn:
12.6.2 Restrictions on software installation
Control
Rules governing the installation of software by users should be established and implemented.
Implementation guidance
The organization should define and enforce strict policy on which types of software users may install.
The principle of least privilege should be applied. If granted certain privileges, users may have the ability to install software. The organization should identify what types of software installations are permitted (e.g. updates and security patches to existing software) and what types of installations are prohibited (e.g. software that is only for personal use and software whose pedigree with regard to being potentially malicious is unknown or suspect). These privileges should be granted having regard to the roles of the users concerned.
Other information
Uncontrolled installation of software on computing devices can lead to introducing vulnerabilities and then to information leakage, loss of integrity or other information security incidents, or to violation of intellectual property rights.
The new ISO 27001/27002 recommends that the organization establish and implement rules for user software installation, specifying which software users may install and which they may not, in order to avoid security incidents and violations of intellectual property rights.
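As an added illustration (not part of the ISO text or of this blog post), the following Python evaluator models the implementation guidance above as an enforceable rule set: least-privilege role grants, a list of permitted installation types (updates and security patches by default), a list of prohibited types (personal-use software), and rejection of software whose publisher is unknown or untrusted. All role names, categories, publishers and request values are constructed placeholders; a real organization would keep these tables alongside its software installation policy.

```python
"""Hypothetical allow-list evaluator for user software installation requests.

Added example modelling ISO 27002:2013 12.6.2 guidance. Every role, category,
publisher and request below is a constructed placeholder, not a real policy.
"""
from dataclasses import dataclass
from typing import Optional, Tuple


@dataclass(frozen=True)
class InstallRequest:
    user: str
    role: str
    package: str
    category: str               # e.g. "security_patch", "update", "dev_tool", "business", "personal"
    publisher: Optional[str]    # signing publisher; None when unsigned or unknown


# Least privilege: a standard user may only apply updates and security patches.
# Extra categories are granted per role (constructed table).
ROLE_ALLOWED_CATEGORIES = {
    "standard_user": {"security_patch", "update"},
    "developer":     {"security_patch", "update", "dev_tool"},
    "it_admin":      {"security_patch", "update", "dev_tool", "business"},
}

# Prohibited for everyone regardless of role (software only for personal use).
PROHIBITED_CATEGORIES = {"personal"}

# Publishers whose pedigree the organization has vetted (constructed list).
TRUSTED_PUBLISHERS = {"ExampleCorp Ltd", "OS Vendor Inc"}


def evaluate(req: InstallRequest) -> Tuple[bool, str]:
    """Return (allowed, reason). Deny rules are checked first so a deny always wins:
    1. prohibited category, 2. unknown/untrusted publisher, 3. role not granted."""
    if req.category in PROHIBITED_CATEGORIES:
        return False, f"category '{req.category}' is prohibited for all users"
    if req.publisher is None or req.publisher not in TRUSTED_PUBLISHERS:
        return False, "publisher unknown or not trusted (pedigree suspect)"
    granted = ROLE_ALLOWED_CATEGORIES.get(req.role, set())   # unknown role -> nothing
    if req.category not in granted:
        return False, f"role '{req.role}' is not permitted to install '{req.category}'"
    return True, f"role '{req.role}' may install '{req.category}'"


def audit_line(req: InstallRequest) -> str:
    """One log line per decision so installations can be reviewed later."""
    allowed, reason = evaluate(req)
    verdict = "ALLOW" if allowed else "DENY"
    return f"{verdict} user={req.user} role={req.role} pkg={req.package} reason={reason}"


if __name__ == "__main__":
    # Constructed sample requests exercising each rule.
    samples = [
        InstallRequest("alice", "standard_user", "os-patch-2023-04", "security_patch", "OS Vendor Inc"),
        InstallRequest("alice", "standard_user", "ide-pro", "dev_tool", "ExampleCorp Ltd"),
        InstallRequest("bob", "developer", "ide-pro", "dev_tool", "ExampleCorp Ltd"),
        InstallRequest("bob", "developer", "free-toolbar", "update", None),
        InstallRequest("carol", "it_admin", "music-player", "personal", "ExampleCorp Ltd"),
    ]
    for s in samples:
        print(audit_line(s))
```

The deny-first ordering matters: a prohibited category or an unsigned package is refused even for the most privileged role, which is the behaviour the guidance asks for when it says privileges are granted "having regard to the roles of the users concerned" but software of suspect pedigree is prohibited outright.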