PRESS RELEASE
2 November 2005
The internationally recognised British Standard, BS 7799-2:2002 has been updated and adopted as an international standard, ISO/IEC 27001:2005.
The standard was published by the International Organization for Standardization (ISO) on 15 October 2005. Essentially, ISO/IEC 27001 defines an Information Security Management System (ISMS) and complements the ISO/IEC 17799 'code of practice' standard, itself first published as BS 7799-1. The two standards are closely aligned and related, but perform distinctive roles.
ISO/IEC 17799 details a number of individual security controls, which may be selected and applied as part of the ISMS. ISO/IEC 17799, again based on a British Standard, is scheduled to become ISO/IEC 27002 in a couple of years.
ISO/IEC 27001 specifies the requirements for the security management system itself. It is this standard, as opposed to ISO/IEC 17799, against which certification is offered. ISO/IEC 27001 has also been harmonised to be compatible with other management systems standards, such as ISO/IEC 9001 and ISO/IEC 14001. Organisations already certified under BS 7799-2:2002 need to prepare for transition to ISO/IEC 27001 in order to meet its requirements.
The international status of ISO/IEC 27001 will have a global impact and its release should see yet more interest in both information security management and certification.
BSI Management Systems provides professional training, assessment and certification services for ISO/IEC 27001 worldwide.
- ENDS -
Notes to editors on ISO/IEC 27001:2005:
ISO/IEC 27001 is a standard setting out the requirements for an information security management system (ISMS). The standard is designed to ensure the selection of adequate and proportionate security controls that protect information assets and give confidence to interested parties including an organisation’s customers. It is suitable for several different types of organisational use, including the following:
Formulation of security requirements and objectives;
To ensure that security risks are cost effectively managed;
To ensure compliance with laws and regulations;
As a process framework for the implementation and management of controls to ensure that the specific security objectives of an organisation are met;
Identification and clarification of existing information security management processes;
To be used by management to determine the status of information security management activities;
To be used by internal and external auditors to determine the degree of compliance with the policies, directives and standards adopted by an organisation;
To provide relevant information about information security policies, directives, standards and procedures to trading partners;
To provide relevant information about information security to customers.
Notes to editors on ISO/IEC 17799:2005:
The ISO/IEC 17799 Code of Practice for Information Security Management establishes guidelines and general principles for organisations to initiate, implement, maintain, and improve information security management. The objectives outlined provide general guidance on the commonly accepted goals of information security management. ISO/IEC 17799:2005 contains best practices of control objectives and controls in the following areas of information security management:
Security policy;
Organisation of information security;
Asset management;
Human resources security;
Physical and environmental security;
Communications and operations management;
Access control;
Information systems acquisition, development and maintenance;
Information security incident management;
Business continuity management;
Compliance.
About BSI Management Systems
BSI Management Systems provides organisations with independent third party certification of their management systems, including ISO/IEC 9001:2000 (Quality), ISO/IEC 14001:2004 (Environmental Management), OHSAS 18001 (Occupational Health & Safety), ISO/IEC 27001 (Information Security), ISO/IEC 22000 (Food Safety), BS 15000 (IT Service Management) etc.
As one of the world’s leading management systems registrars, BSI Management Systems has more than 40,000 clients worldwide, thereby helping all kinds of organisations improve their business efficiency and reduce their risk. BSI Management Systems operates from four regional hubs based in the UK, Europe, Asia and America, with the capability to deliver assessments worldwide, reinforcing BSI’s commitment to deliver assessments with an unrivalled level of consistency across the world. This assessment capability is further augmented by training and advisory activities deemed essential to guiding clients towards the successful adoption and implementation of best practice.
For further information about BSI Management Systems, please visit: http://www.bsi-emea.com/InformationSecurity/index.xalter
For Media Information:
Lucy Fulton
Public Relations Officer
Tel: +44 (0) 20 8996 7248
Mob: +44 (0) 7717 451 990
Email: lucy.fulton@bsi-global.com