BS 7799

From Wikipedia, the free encyclopedia.

(Redirected from BS7799)

BS 7799 Part 1 was a standard originally published as BS 7799 by the British Standards Institute (BSI) in 1995. It was written by the United Kingdom Government's Department of Trade and Industry (DTI), and after several revisions, was eventually adopted by ISO as ISO 17799, "Information Technology - Code of practice for information security management." ISO 17799 was most recently revised in June 2005.

A second part to BS7799 was published by BSI in 1999, known as BS 7799 Part 2, titled "Information Security Management Systems - Specification with guidance for use." BS 7799-2 focuses on how to implement an Information Security Management System (ISMS), referrering to the information security management structure and controls identified in ISO 17799. The 2002 version of BS 7799-2 introduced the Plan-Do-Check-Act (PDCA) (Deming quality assurance) model, aligning it with quality standards such as ISO 9000.

Certification/registration of an organisation's ISMS against BS 7799 Part 2 is one means of providing assurance that the certified/registered organisation has implemented a system for the management of information security in line with the Part 2 standard. In some countries, the bodies which verify conformity of ISMS to specified standards are called "certification bodies", in others "registration bodies", in others "assessment and registration bodies", or "certification/ registration bodies", and in others still, "registrars".

BS7799 Part 2 is due to be adopted by ISO as ISO 27001 late in 2005.

[edit]