ISO/IEC 27001 Resource Center
Information technology -- Security techniques -- Information security management systems -- Requirements
Principles
The international standard ISO/IEC 27001 was issued in October 2005 as a revision to the British Information Security Standard BS 7799:2000. The revisions were subtle with new controls added to maintain relevance to new technological, cultural, and environmental developments.

It is worth reviewing the contents of the ISO 17799 standard. The ISO 17799 standard includes the following sections:
1. Scope
2. Normative references
3. Terms and definitions
4. Risk assessment and treatment
5. Security policy
6. Organization and information security
7. Asset management
8. Human resources security
9. Physical and environmental security
10. Communications and operations management
11. Access control
12. Information systems acquisition, development and maintenance
13. Information security incident management
14. Business continuity management
15. Compliance

What is ISO/IEC 27001?
ISO/IEC 27001 is the certification process for the Code of Practice on Information Security Management.

Who does ISO/IEC 27001 apply to?
All organizations, in the public or private sector, are increasingly required to prove that they take information security seriously.

Why bother with ISO/IEC 27001?
ISO/IEC 27001 is considered the 'de facto' standard (i.e., standard by default) and will soon become a contractual or service level agreement requirement.

Information on other ISO/IEC standards is available at www.isoiec17025.com/wst_page4.html

February 8, 2008