ISO 27001 Finally Published
Sue Thomas
published as an official ISO standard.
ISO 27001 defines an 'Information Security Management
System' (commonly known as an ISMS), and compliments the existing ISO
17799 standard. It basically specifies a best practice framework for
the design and maintenance of information security processes within an
organization.
The two standards are closely aligned and very much interlinked, but
have very distinct roles:
ISO 17799
This lists many hundreds of individual and detailed security controls,
which may be selected as part of the security management system.
ISO 27001
This specifies the overall requirements for the security management
system itself. It is this document, as opposed to 17799, against which
a certification route is offered. ISO 27001, which was built upon an
earlier version of BS7799, has also been made more compatible with
other management standards.
THE LIKELY GLOBAL IMPACT
The publication of the new standard is likely to herald a rapid
increase in interest in both information security generally and
certification specifically. Organizations already certified via
BS7799-2 will take a transitional route, whereas the international
status of the new standard is certain to have an impact on the numbers
following the certification or compliance route.
This has already started to manifest itself in terms of the record
number of pre-orders for the new standard, and the recent membership
increases of the Online ISO 17799 User Group (located at
http://www.17799.com).
OFFICIAL SOURCES OF THE STANDARDS
The new standard can be obtained via:
StandardsDirect (BSI): http://17799.standardsdirect.org
It will also be available via SNV shortly from the following page:
Standards Online:
http://www.standards-online.net/InformationSecurityStandard.htm
Finally, the support kit for the standard has also been updated to
reflect todays changes: http://www.17799-toolkit.com
Sue
ISO 17799 and ISO 27001 News
http://17799-news.the-hamster.com