The ISO 27001 AND 27002 Information Security Standards
written by: Steve Mallard • edited by: Ronda Bowen • updated: 7/4/2011
This article looks at information security standards for enterprise-level businesses and data protection and privacy as well as the certification process.
ISO 2700x Security Standards for Your Company
The ISO 2700x series defines the controls and certification for information security in the enterprise. Companies seek this certification to demonstrate quality and compliance in their Information Technology / Information Systems departments.
ISO 17799 has been renamed to ISO 27001. This renaming was initiated and processed by ISO. These information security standards now fall under a common naming structure known as the 'ISO 27000 series'.
ISO 27002 gives guidance and includes a section covering these items:
There are several organizations accredited to grant certification against ISO 27001.
ISO 27001 works with ISO 9000 and ISO 14000.
The standard was originally produced by a BSI/DISC committee that included representatives from a wide section of industry and commerce. It was subsequently reviewed by an ISO (International Standards Organization) committee and ultimately emerged through the ISO publication process.
BS7799-2, the original specification for an information security management system, became ISO 27001 during the fourth quarter of 2005.