ISO 27001 (successor to BS 7799)
ISO 27001 is the successor to BS 7799 and is the applicable standard for assessing the security of IT environments. It consists of two parts:
- ISO/IEC 17799:2005 (“Code of practice for information security management”) is the reference document for setting up an information security management system (ISMS). It provides implementation guidance, and its contents correspond to BS 7799-1.
- ISO/IEC 27001:2005 (“Specifications for information security management”) describes the requirements for implementing and documenting an ISMS and is used as the basis for audits and certification.
ISO 27001 uses control clauses, control objectives and generic measures to cover the following topics:
- Security policy
- Security organisation
- Classification and control of company assets
- Employee security
- Physical and environment-related security
- Management of communications and operations
- Access control
- System development and maintenance
- Information security incident management
- Management of business operations
- Compliance with legal and organisational requirements
