The Six Stage Process
ISO 27001 (formerly BS7799) describes a 6 stage process:

1) Define an information security policy

2) Define scope of the information security management system

3) Perform a security risk assessment

4) Manage the identified risk

5) Select controls to be implemented and applied

6) Prepare an SoA (a "statement of applicability").

ISO 27000
Eventually, ISO 27001 will be one of a number of security standards published as part of the ISO 27000 series. ISO 27002 and ISO 27004 are likely to be produced in the next few years.

Goodbye BS7799
After years of good service, BS7799 will be withdrawn as a name upon publication of ISO 27001.