Monday, December 22, 2008

An Introduction to ISO 27001.

The ISO 27001 standard was published in October 2005, replacing the old BS7799-2 standard.
It specifies the requirements for an ISMS, an Information Security Management System.
BS7799 itself was a long-standing standard, first published in the nineties as a code of practice. As this matured, a second part emerged to cover management systems.
It is against this second part that certification is granted. Today, more than a thousand certificates are in place across the world.
ISO 27001 enhanced the content of BS7799-2 and harmonized it with other standards.
The objective of the standard itself is to “provide a model for establishing, implementing, operating, monitoring, reviewing, maintaining, and improving an Information Security Management System”.
