ISO 17799
ISO 17799 was originally published in the early 1990s as the "DTI Code of Practice" by the Department of Trade & Industry in the UK. In 1995, it was further developed by BSI committee BDD/2 and published as BS 7799.

It was updated again in 1999, and it was this version that was ultimately published as the first version of ISO/IEC 17799 in December 2000. ISO/IEC Joint Technical Committee 1/Sub-Committee 27, Working Group 1 is now responsible for its maintenance.


You may wish to review the Contents of ISO 17799. The standard contains 36 control objectives and 133 specific controls, organized into 11 main sections. Supporting text under each control objective gives advice on how to satisfy the objective and mentions a number of best-practice information security controls.

Throughout the standard, the need for risk assessment is emphasized. This reflects its relationship with BS 7799-2, which covers such implementation in further depth.

As with most major ISO standards, ISO 17799 is periodically revised. The most recent version was published in June 2005 (ISO/IEC 17799:2005). Changes include closer integration with the BS 7799-2 approach (the international version of which is ISO 27001) and a re-organization of the controls within. Important advice on information security risk analysis, which merited only a brief mention in the preface of the previous version, is promoted to a main section.

In July 2007 the standard was renamed to ISO 27002.
