Directory of information security policies, computer security standards and information security policy resources

ISO 17799 Description and Review

ISO 17799 is the most widely recognised security standard. It is based upon the original version of BS7799, which was first published in 1995, an edition which itself was based on an earlier document called the 'Information Security Code of Practice'. The first version of ISO 17799 was published in December of 2000.

ISO 17799 is very comprehensive in its coverage of security issues. It contains a substantial number of control requirements, some of which are extremely complex and detailed.

Compliance with ISO 17799, or indeed any detailed security standard, is therefore not a trivial or 'fast track' task, even for the most security-aware of organizations. Certification against its 'sister' publication, ISO 27001, can be even more daunting.

It is therefore recommended that ISO 17799 be approached step by step. The best starting point is often an assessment of the current position, followed by identification of the changes needed for ISO 17799 compliance. From there, planning and implementation can be undertaken.

As noted above, certification is actually awarded against ISO 27001, which is the management part of the standard set. It too is very clear about the need to implement an appropriate set of information security policies. Since the international popularity of both standards is increasing rapidly, it is recommended that they be carefully considered when developing or implementing your policies.

For additional information, see our onboard ISO 17799 Presentation or, externally, visit the ISO 17799 Directory.



Copyright © 1993-2001    The Security Policies & Standards Group