BS 7799

From Wikipedia, the free encyclopedia

BS 7799 Part 1 was a standard originally published as BS 7799 by the British Standards Institute (BSI) in 1995. It was written by the United Kingdom Government's Department of Trade and Industry (DTI), and after several revisions, was eventually adopted by ISO as ISO/IEC 17799, "Information Technology - Code of practice for information security management." in 2000. ISO 17799 was most recently revised in June 2005 and is expected to be renamed ISO/IEC 27002 during 2007.

A second part to BS7799 was first published by BSI in 1999, known as BS 7799 Part 2, titled "Information Security Management Systems - Specification with guidance for use." BS 7799-2 focused on how to implement an Information security management system (ISMS), referrering to the information security management structure and controls identified in ISO 17799. The 2002 version of BS 7799-2 introduced the Plan-Do-Check-Act (PDCA) (Deming quality assurance model), aligning it with quality standards such as ISO 9000. BS 7799 Part 2 was adopted by ISO as ISO/IEC 27001 in November 2005.

BS7799 Part 3 was published in 2005, covering risk analysis and management. It aligns with ISO 27001.

[edit] References

• ISO/IEC 17799:2005
• ISO/IEC 27001:2005
• ISO/IEC 27000 (not yet published)

[edit] See also

• Cyber security standards
• ISO 17799, the internationalized version of BS 7799
• Standard of Good Practice published by the Information Security Forum
• ISM3 Information Security Management Maturity Model

[edit] External links

• Source of BS 7799 from BSI Outlet
• BS7799 & ISO 17799 Wiki
• British Standards Institute
• Certificate Register
• BS 7799 Part 2 PDCA Methodology