ISO 27001 has, after several months in final draft mode, finally been published.
This standard defines an Information Security Management System (known as an ISMS), and compliments the ISO17799 standard. It specifies the 'framework' for the design, and management of information security processes within an organization.
These two standards are closely linked, but have clear and distinct roles:
ISO17799
This details many hundreds of specific security controls, which may be selected as part of the security management system.
ISO 27001
This specifies the requirements for the security management system itself. It is this standard, rather than ISO17799, against which certification is granted.
GLOBAL IMPACT
The publication of ISO 27001, earlier versions of which were published as BS 7799, is likely to herald a rapid increase in interest in the standard. Organizations already certified under BS7799 will embark upon a transitional route, whereas the new international status of the certification standard is bound to have an impact in terms of worldwide numbers following this route generally.
This has already started to manifest itself in terms of the unprecedneted number of pre-orders for the new standard, and the recent membership increases of the International ISO 17799 User Group (http://www.17799.com).
SOURCES
The new standard is available online via BSI's StandardsDirect: http://17799.standardsdirect.org
SNV will have it available from the following page shortly:
Standards Online: http://www.standards-online.net/InformationSecurityStandard.htm
FURTHER INFORMATION
Additional information on both these standards can be obtained from the ISO 17799 News website at:
ISO 17799 & ISO 27001 News
Read this full article at Sara Hollins
Only registered users can write comments.
Please login or register. Powered by AkoComment! |
