The document discusses changes between the 2005 and 2013 versions of the ISO 27001 standard for information security management systems. Key changes include a new structure aligned with other ISO standards, increased flexibility in risk assessment methods, and a stronger focus on continuous improvement, performance monitoring, and handling non-conformities beyond just security incidents. An organization's existing ISO 27001:2005-compliant risk management process will likely still be valid under the new standard, though some adjustments may be needed to fully meet the new requirements.