BS7799-2 was first published by BSI in 1999. A new version, 'harmonized' with other standards, such as ISO 9000, was published in September 2002. This latter version also introduced the PDCA model (plan-do-check-act) as part of the management system approach (see below). In October 2005, ISO 27001 replaced BS7799-2 as the specification for ISMS.

The full title of BS7799-2 is "Information Security Management Systems - Specification with guidance for use".

A range of organizations were involved in the preparation of this standard, from various sectors of trade, industry and government.

You may wish to view the Contents of BS7799-2.

BS7799-2 basically explains how to apply and implement ISO 17799, and, critically, how to implement and maintain an Information Security Management System (ISMS).

Contrary to common belief, certification is actually against BS7799-2, or its successor ISO 27001, rather than ISO 17799. The number of certifications worldwide is rapidly approaching 2,000.
