Both the ISO 17799 and 27001 standards were derived from multiple iterations of the originating British Standards Institute standard number BS7799. Originally this standard consisted of two parts. Part one was first adopted as ISO 17799. Part two was later adopted in 2005 as ISO 27001. The ISO 17799 standard will be renumbered under the ISO 27000 series of standards as ISO 27002 sometime in 2007 or 2008.
ISO 17799 is a code of practice. In essence, it is a set of guidelines that an organization may use in developing an information security management system. These guidelines have been developed over many years and have gone through many revisions. The guidelines are internationally accepted as one of the industry de facto best practice baselines. There is no certification for ISO 17799 as it is a set of guidelines that can be used to help ensure the compliance and successful implementation of the ISO 27001 specifications.
No comments:
Post a Comment