Speech by Ingrid Waloff at 7799 Goes Global


September 5 2002


Good morning ladies and gentlemen. It's a pleasure to be here today at the launch of a new standard ? this is a new experience for me as I'm a relatively recent appointee to this role.

This year BSI will publish over 2000 standards but today I'd like to concentrate on just 0.05% of our annual output, that's just one standard, but one very important standard and one that is very important for this audience ? BS 7799 Part 2.

The Minister has kindly both set the scene and described how we have got to this launch point today, so I'll just observe that with the increasing use of new technology to store, transmit, and retrieve information, the need to implement an effective information security management system has now become an essential requirement in business life.

Organizations need to ensure the preservation of confidentiality, integrity, and availability of both corporate and customer information. Addressing essential 'e-business' requirements, the standard for Information Security Management has fast become one of the world's most popular and requested standards.

So today BSI is pleased to announce the launch of this BS 7799 Part 2 revision.

This part of the standard enables organizations to develop, implement and continuously improve their Information Security Management System and provides

* confidence in an 'e-business' environment,

* compliance with legislation such as the Data Protection Act,

* and if required, third party assessments and certification.

The drivers for this new edition have included:

* Harmonization with other management systems standards

* The need for continual improvement processes to ensure effective information security management is established and maintained

* Corporate governance

* Information security assurance

* Implementation of the revised OECD guidelines governing the security of information systems and networks

Particular things to look out for in this new Part 2 are:

* The Plan-Do-Check-Act model

* Improved definition and clarification of the links between the risk management process, the selection of controls and the contents of the Statement of Applicability

* An Annex providing guidance on the use of the new edition

* An Annex showing the correspondence between this standard and both the ISO quality and environmental management standards

International use

In terms of international use BS 7799 Part 1 was adopted as an international standard in December 2000 and published as ISO/ IEC 17799.

Part 2 is also being used internationally in countries such as Sweden, Finland, Norway, Japan, Hong Kong, India, Australia, Taiwan and Korea. And, hence the title of this conference '7799 Goes Global'.

In terms of tracking current use of BS 7799, the encouraging news is that although only 15% of UK companies surveyed recently by DTI were aware of the standard, of those that were, 38% have implemented its recommendations.

The UK government is also driving the adoption of BS 7799 and has issued a directive that all e-commerce must be compliant with the standard by 2008.

And finally

I'd like to finish up by thanking the information security industry, both in the UK and internationally, for their comments, contributions and assistance in the successful completion of the revision to Part 2 of BS 7799.

On behalf of BSI I would like to particularly thank the committee members of BDD/2 (chaired by the DTI) for all their work, and the working panel BDD/2/3 with the assistance of the International User Group for shouldering much of the development and comment resolution work.

So I hope your conference is going well, I believe I've finished under time and I'd like to hand you on to the next speaker, Jeremy Ward of CBI.