The ISO17799 & ISO 27000 Newsletter - The Information Security Standard


The final version of ISO 27001 (replacing the officially termed 'FDIS' draft version) was published at the end of 2005. This final version also directly replaced BS7799-2:2002.

It essentially defines an Information Security Management System, creating a framework for the design, implementation, management and maintenance of IS processes throughout an organization.

As with BS7799, ISO 27001 continues to 'work with' ISO 17799. They are two distinct documents, but are designed to support each other:
- ISO 17799 is a code of practice, providing details of individual controls for potential implementation.
- ISO 27001 defines the information security management system itself, which 'over-arches' the former.

Certifications are granted with respect to ISO 27001. Existing certificates for BS7799-2 are subject to a defined transition process for conversion. Certificate holders should contact their own certification bodies.

The current version can be obtained from BSI's official online shop, Standards Direct:
ISO 27001 Download
Customers at that source can download the official version of the standard in PDF format.

Also, a special version of the ISO 17799 Toolkit has been created, which includes ISO 27001 as opposed to the old BS7799. It is also available from the above site.

Note: ISO 27001 is the first standard in the ISO 27000 series to be published. ISO 27000 will ultimately comprise a number of related information security standards.


© Copyright 2005/2006.