The information security management standard is now in two parts:
ISO 27002 (ISO 17799:2005) is the basis for developing security standards and management practices. The guiding principles cover 3 main aspects: strategic, operational and compliance. The key success factors are agreement on policies and procedures, cultural alignment and support of senior management, clear risk assessment and management, and a process for incident management.
ISO 27001: ISMS Specification - covers the 11 clauses of good IS practice. External certification to ISO 27001 proves that an organisation has an effective information security framework in place.
Organisations need to understand that this standard is 'business focussed', not purely technical, because information risks are increasingly important to an organisation's ability to deliver its corporate goals: Business Services, Legal Services, Human Resources and Facilities Management all have a role in ensuring compliance.
Business Consultancy
What
ISO 27001 is an International Information Security Standard; ISO 27002 (ISO 17799:2005) gives comprehensive guidance on best practice methods for implementing ISO 27001.
Who
All organisations, in public or private sectors, are increasingly required to prove that they take information security seriously.
Why
ISO/IEC 27001 is respected as the 'de facto' standard and will soon become a contractual or service level agreement requirement.
Document Downloads
The Importance of ISO27001 Compliance
Case Studies
Irwin Mitchell
rpmi - The Journey to Achieving Information Assurance
Research Driving the Need for Compliance
White Papers
Money Laundering Regulations 2007 and the Relationship to ISO 27001:2005
Useful Links
CESG website
SGS website
ISO 27001 / 17799 User Group
The related links above are not under Sapphire's control...
"I have always been impressed with the level of service Sapphire has provided for The essentiagroup and the high standards they adhere to. I would be delighted to recommend Sapphire's services to any organisation..."
Martin Leven, Director of Technology, Essentia Group