Monday, December 29, 2008

The relationship between ISO 27002 and ISO 27001

ISO/IEC 27002:2005 (ISO 27002) was previously known as ISO/IEC 17799:2005 but was renamed in 2007 to bring it in line with other Standards within the ISO 27000 family.
An organisation wishing to comply with ISO 27002 can select controls from the Standard and implement them based on the best practice contained within the guide.
ISO 27001 is entitled "Information Technology – Security Techniques – Information Security Management Systems Requirements" and provides a framework for organisations that are seeking formal certification.
Certification is provided by an external assessment body that is accredited to certify organisations to ISO 27001.
