The final version of ISO 27001 (replacing the draft officially termed the 'FDIS' version) was published at the end of 2005. This final version also directly replaced BS7799-2:2002.
It essentially defines an Information Security Management System, creating a framework for the design, implementation, management and maintenance of IS processes throughout an organization.
As with BS7799, ISO 27001 continues to 'work with' ISO 17799. They are two distinct documents, but are designed to support each other:
- ISO 17799 is a code of practice, providing details of individual controls for potential implementation
- ISO 27001 defines the information management system itself, which 'over-arches' the former.
Certifications are granted with respect to ISO 27001. Existing certificates for BS7799-2 are subject to a defined transition process for conversion. Certificate holders should contact their own certification bodies.
SOURCES OF THE CURRENT VERSION
The current version can be obtained from BSI's official online shop, Standards Direct (ISO 27001 Download).
Customers at that source can download the official version of the standard in PDF format.
Also, a special version of the ISO 17799 Toolkit has been created, which includes ISO 27001 in place of the old BS7799. It is also available from the above site.