ISO 17799 FAQ


FREQUENTLY ASKED QUESTIONS

1) When was ISO17799 first published?

In December 2000.

2) What is BS7799-1?

BS7799-1 was essentially the forerunner of ISO17799. It was first published in 1995.

3) What is accreditation?

An accreditation body can authorize others to "certify" third parties under the standard itself (Part 2).

4) Who then is accredited to actually certify under the scheme?

BSI, DNV, National Quality Assurance, and various others.

5) How can I measure and manage compliance?

The most well-known support tool is COBRA, which is also an established risk analysis product.

6) What is ISO17799 Part 1?

ISO17799 Part 1 is "intended to serve as a single reference point for identifying the range of controls needed for most situations where information systems are used in industry and commerce, and to be used by large, medium and small organizations". It is essentially a 'code of practice'.

7) Who wrote it?

A BSI/DISC committee including representatives from a cross section of trade and industry originally created BS7799. It was subsequently reviewed by an ISO committee and emerged through the ISO publication process.

8) What is Part 2?

BS7799 Part 2 is a "specification for information security management systems". This is critical to the process and is not an optional extra.

9) Is certification forever?

No, it is not. It is normally granted for periods of three years.