ISO 27001 is the replacement for BS7799. This in turn is the 'sister publication' for ISO 17799. Whereas ISO 17799 is a 'code of practice', describing individual controls for potential implementation, BS7799 outlines the requirements for an Information Security Management System. In other words, it sets out a system for the management of information security, within which the controls described within ISO 17799 may be selected.

BS7799 is in fact the part of the standard set against which certification is granted. This mantle will be passed to ISO 27001 upon final publication.

The new (draft) version has incorporated a number of significant changes. It further 'harmonizes' the approach with other management standards, such as ISO 9001, and builds further upon the PDCA model (Plan-Do-Check-Act). However, the main driver in terms of timing seems to have been the urgent need for re-alignment with the new version of ISO 17799 (2005) as opposed to the old version (2000).