- Sue Thomas
October 18, 2005, 4:02 pm
an official ISO standard.
This particular standard defines an 'Information Security Management
System' (commonly known as an ISMS), and complements the existing ISO
17799 standard. It basically specifies a best practice framework for
the design and maintenance of information security processes within an
The two standards are closely aligned and interlinked, but have very
This lists many hundreds of individual and detailed security controls,
which may be selected as part of the security management system.
This specifies the overall requirements for the security management
system itself. It is this document, as opposed to 17799, against which
a certification route is offered. ISO 27001, which was built upon an
earlier version of BS7799, has also been made more compatible with
other management standards.
THE GLOBAL IMPACT
The publication of the new standard is likely to herald a rapid
increase in interest in both information security generally and
certification specifically. Organizations already certified via
BS7799-2 will take a transitional route, whereas the international
status of the new standard is certain to have an impact on the numbers
following the certification or compliance route.
This has already started to manifest itself in terms of the record
number of pre-orders for the new standard, and the recent membership
increases of the Online ISO 17799 User Group (located at
The new standard can be obtained via:
StandardsDirect (BSI): http://17799.standardsdirect.org
It will also be available via SNV shortly from the following page:
Finally, the support kit for the standard has also been updated to
reflect today's changes: http://www.17799-toolkit.com
Additional information on both these standards can be obtained from the
ISO 17799 News website at: