ISO 27001- The Six Stage Process

The Six Stage Process

ISO 27001 (formerly BS7799) desribes a 6 stage process

1) Define an information security policy

2) Define scope of the information security management system

3) Perform a security risk assessment

4) Manage the identified risk

5) Select controls to be implemented and applied

6) Prepare an SoA (a "statement of applicability").

ISO 27000

Eventually, ISO 27001 will be one of a number of security standards published are part of the ISO 27000 series. ISO 27002 and ISO 27004 are likely to be produced in the next few years.

Goodbye BS7799

After years of good service, BS7799 will be withdrawn as a name upon publication of ISO 27001.