Title: Difference between ISO 27001 and BS 17799
Post by: danisara on May 14, 2009, 07:47:35 am

Hey all,

Can anyone explain the difference between ISO 27001 and BS 17799, please? I am trying to find out what the difference between ISO 27001 and BS 17799 is. I kinda know what ISO 27001 is, but since these standards are pretty hard to get, I can't find anything about BS 17799 to compare them. Thanks.

Title: Re: Difference between ISO 27001 and BS 17799
Post by: KoonetMan on May 15, 2009, 03:38:25 pm

ISO 27001 contains requirements for establishing an information security management system. These requirements are mandatory. This is a "certifiable" standard. If your organization is going for certification, the certificate would state "Company XYZ is certified to ISO 27001".

BS 17799 has been renamed to ISO 27002. This standard supports ISO 27001 in the sense that ISO 27002 contains "guidelines" on how to implement an ISMS.

Tip: while reading through most of the ISO standards, whenever you encounter the word "SHALL" it denotes a mandatory requirement, while the word "SHOULD" denotes a voluntary requirement. Hence ISO 27001, which is a requirements standard, contains SHALL, and ISO 27002, which is a guideline standard, contains SHOULD.

PM me if you need more help.

Title: Re: Difference between ISO 27001 and BS 17799
Post by: danisara on May 18, 2009, 03:57:11 pm

Thanks for your explanation. When you say "mandatory", do you mean that every business needs to have ISO? That kinda confused me. I thought ISO is voluntary.

Title: Re: Difference between ISO 27001 and BS 17799
Post by: pawel on May 18, 2009, 04:03:30 pm

Hey, here is another good explanation of the difference between ISO 27001 and BS 17799.

ISO 27001
- Requirements for implementing, establishing, and documenting a so-called ISMS (Information Security Management System)
- Specifies requirements for security controls to be implemented according to the needs of individual organizations
- ISO 27001 is aligned with ISO/IEC 17799:2005

BS 17799
- BS 17799 is more of a Code of Practice, guidance, or reference document
- It is based on best information security practices
- Defines a process to evaluate, implement, maintain, and manage information security
- BS 17799 is based on BS 7799-1
- Consists of 11 control sections, 39 control objectives, and 134 controls
- Is not used for assessment and registration
- Was later renamed to ISO 27002

Title: Re: Difference between ISO 27001 and BS 17799
Post by: yaris on May 20, 2009, 07:21:11 am

Here is the difference between ISO 27001 and BS 17799 explained.

The official name of ISO 27001 is ISO/IEC 27001:2005 - Information technology - Security techniques - Information security management systems - Requirements. ISO 27001 is the standard that now supersedes BS 7799-2 for certification requirements. This is important - ISO 27001 relates to certification requirements for the implementation of an information security management system (ISMS). ISO 27001 lists requirements that you must satisfy in order to establish an ISMS.

Another standard related to information security is ISO 17799, which supersedes BS 7799 and which was substantially revised and published in 2005 as ISO/IEC 17799:2005. This standard was later changed to ISO 27002. This standard is more of a best practice or code of practice guide for certain areas.

Summary: The very first standard related to information security was BS 7799. BS 7799 was divided into two parts: BS 7799-1, which later became ISO 17799, and BS 7799-2, which later became ISO 27001.

ISMS certification standard: BS 7799-2:2002 ---> ISO/IEC 27001:2005
Code of Practice standard: BS 7799-1:1999 ---> ISO/IEC 17799:2000 ---> ISO/IEC 17799:2005 ---> ISO/IEC 27002:2005

Note: BS 17799 or ISO 17799? It is practically the same. BS means "British Standard". British Standard 17799 was adopted by the ISO/IEC - the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC). The BS 7799 series of ISMS standards became ISO standards in 2005.

Cheers.

Title: Re: Difference between ISO 27001 and BS 17799
Post by: atari on May 21, 2009, 11:05:32 am

Awesome explanation, thanks!

Here is one good article on this server that talks about ISO 27001 (http://www.maxi-pedia.com/ISO+27001).

Title: Re: Difference between ISO 27001 and BS 17799
Post by: Eurocert on June 01, 2012, 11:04:38 am

> Hey all, Can anyone explain the difference between ISO 27001 and BS 17799, please? I am trying to find out what the difference between ISO 27001 and BS 17799 is. I kinda know what ISO 27001 is, but since these standards are pretty hard to get, I can't find anything about BS 17799 to compare them. Thanks.

Look at the ISO certification like a project. The certification should be treated like any other project the company undertakes - appoint a project manager who can delegate tasks and set deadlines for completion. With proper management of the overall project, the end goal will never be lost.