ISO 27001 and ISO 27000

The ISO 27001 Information Portal
This site is a new initiative, dedicated to the emerging information security management standard, ISO 27001. It will evolve to be a directory, forum and information exchange for the ISO 27001 security standard, previously known as BS7799, and comprising the first of the forthcoming series of ISO 27000 standards. Planned inclusions are: The History of BS7799 and ISO 27001; Information on certification; A forum and exchange medium; A section containing White Papers; A detailed FAQ.


THE CONTENTS OF ISO 27001
ISO 27001 replaced the original standard, BS7799-2, which was a long-established information security standard. Strictly speaking, ISO 27001 is a specification for an ISMS (Information Security Management System). It contains the following chapters:
  • 0) Introduction
  • 1) Scope
  • 2) Normative References
  • 3) Terms and Definitions
  • 4) Information Security Management System
  • 5) Management Responsibility
  • 6) Management review of the ISMS
  • 7) ISMS improvement

WHERE CAN I FIND THE STANDARD?
It is important to remember that ISO 27001 is protected by copyright. It should only be procured through official and authorized sources.

We have therefore identified the major source for this standard and for the code of practice, ISO 17799, as downloadable PDF files. These can be obtained from the online stores listed in our ISO 27001 Shop section.

Both of these standards are also available within a 'starter kit', which includes a range of related support materials and items. This is also listed in the above section.

PDCA
ISO27001 CERTIFICATION AND COMPLIANCE

The standard defines a six-stage process and describes the iterative PDCA (Plan-Do-Check-Act) approach, as originally popularized by Dr. W. Edwards Deming.

It is important to bear in mind that ISO 27001 is the standard within the 27000 series against which certification is available. It is therefore arguably the most pivotal.

There is also a mapping onto the ISO 17799 security code of practice, which offers a selection of controls that may be applied.

Organizations adopt standards to varying degrees: from broad alignment, through compliance, to certification itself. The latter is increasingly popular, as it is awarded by an accredited third party and is recognized globally.

Scoping is extremely important in this context, and organizations can define the scope as widely or as narrowly as they wish.

For more information on this aspect of the standard, please see our dedicated section via the navigation bar.

Developments with respect to the emerging ISO 27000 series of standards will come thick and fast. We hope, however, that this site has helped to answer some of the more basic questions. Please contact us for further information, or perhaps to contribute additional materials.

Did You Know?
BS7799 was originally a code of practice issued by the UK Government (DTI).

Did You Know?
When initially published as an ISO standard, BS7799 became ISO 17799, because a standard called ISO 7799 already existed.

Did You Know?
Specialist portals for the standard started to exist long before it was actually published. Our research indicates that the first may have been ISO 27001 Online.

Did You Know?
ISO 27001 was originally to be ISO 24743, until a change of direction.

Did You Know?
The latest ISO 27000 standard to be assigned is ISO 27006. This will be the 'Requirements for bodies providing audit and certification of information security management systems' (ISMS).

Did You Know?
More than 3,000 ISO 27001 certificates have now been issued worldwide (including those still certified under BS7799-2).

2007 ISO 27001 (ISO27001) & ISO 27000 Info Portal (DenialInfo).