HOME

TheInfoList



OR:

BS 7799 was a standard originally published by
BSI Group The British Standards Institution (BSI) is the national standards body of the United Kingdom. BSI produces technical standards on a wide range of products and services and also supplies certification and standards-related services to business ...
(BSI) in 1995. It was written by the
United Kingdom The United Kingdom of Great Britain and Northern Ireland, commonly known as the United Kingdom (UK) or Britain, is a country in Europe, off the north-western coast of the continental mainland. It comprises England, Scotland, Wales and North ...
Government's Department of Trade and Industry (DTI), and consisted of several parts. The first part, containing the best practices for Information Security Management, was revised in 1998; after a lengthy discussion in the worldwide standards bodies, was eventually adopted by
ISO ISO is the most common abbreviation for the International Organization for Standardization. ISO or Iso may also refer to: Business and finance * Iso (supermarket), a chain of Danish supermarkets incorporated into the SuperBest chain in 2007 * Iso ...
/
IEC The International Electrotechnical Commission (IEC; in French: ''Commission électrotechnique internationale'') is an international standards organization that prepares and publishes international standards for all electrical, electronic and r ...
as
ISO/IEC 17799 ISO/IEC JTC 1, entitled "Information technology", is a joint technical committee (JTC) of the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC). Its purpose is to develop, maintain and pr ...
, "Information Technology - Code of practice for information security management." in 2000.
ISO/IEC 17799 ISO/IEC JTC 1, entitled "Information technology", is a joint technical committee (JTC) of the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC). Its purpose is to develop, maintain and pr ...
was then revised in June 2005 and finally incorporated in the ISO 27000 series of standards as
ISO/IEC 27002 ISO/IEC 27002 is an information security standard published by the International Organization for Standardization (ISO) and by the International Electrotechnical Commission (IEC), titled ''Information security, cybersecurity and privacy protecti ...
in July 2007. The second part to BS 7799 was first published by BSI in 1999, known as BS 7799 Part 2, titled "Information Security Management Systems - Specification with guidance for use." BS 7799-2 focused on how to implement an
information security management system Information security management (ISM) defines and manages controls that an organization needs to implement to ensure that it is sensibly protecting the confidentiality, availability, and integrity of assets from threats and vulnerabilities. The core ...
(ISMS), referring to the information security management structure and controls identified in BS 7799-2, which later became
ISO/IEC 27001 ISO/IEC 27001 is an international standard to manage information security. The standard was originally published jointly by the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC) in 2005, ...
. The 2002 version of BS 7799-2 introduced the Plan-Do-Check-Act (
PDCA PDCA (plan–do–check–act or plan–do–check–adjust) is an iterative design and management method used in business for the control and continual improvement of processes and products. It is also known as the Shewhart cycle, or the control ...
) (Deming quality assurance model), aligning it with quality standards such as
ISO 9000 The ISO 9000 family is a set of five quality management systems (QMS) standards that help organizations ensure they meet customer and other stakeholder needs within statutory and regulatory requirements related to a product or service. ISO 90 ...
. BS 7799 Part 2 was adopted by ISO as
ISO/IEC 27001 ISO/IEC 27001 is an international standard to manage information security. The standard was originally published jointly by the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC) in 2005, ...
in November 2005. BS 7799 Part 3 was published in 2005, covering risk analysis and management. It aligns with ISO/IEC 27001. It was revised in 2017.


See also

*
Cyber security standards IT security standards or cyber security standards are techniques generally outlined in published materials that attempt to protect the cyber environment of a user or organization. This environment includes users themselves, networks, devices, all ...
*
ISO/IEC 27000-series The ISO/IEC 27000-series (also known as the 'ISMS Family of Standards' or 'ISO27K' for short) comprises information security standards published jointly by the International Organization for Standardization (ISO) and the International Electrotechn ...
*
ISO/IEC 27001 ISO/IEC 27001 is an international standard to manage information security. The standard was originally published jointly by the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC) in 2005, ...
*
ISO/IEC 27002 ISO/IEC 27002 is an information security standard published by the International Organization for Standardization (ISO) and by the International Electrotechnical Commission (IEC), titled ''Information security, cybersecurity and privacy protecti ...
(formerly
ISO/IEC 17799 ISO/IEC JTC 1, entitled "Information technology", is a joint technical committee (JTC) of the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC). Its purpose is to develop, maintain and pr ...
)


References

{{Reflist


External links


British Standards Institution
-> BSI Shop


BS 7799 Part 2 PDCA Methodology
07799 Computer security standards