What is BS
7799 (ISO 27001)?
BS 7799 was introduced in 1995 as the British
Standard for information security management. It has since
been adopted as an international standard, ISO 27001.
Organisations (companies, government departments, local
authorities, etc) can apply to have their security management
systems assessed against the standard by independent third
parties. These ‘certification bodies’ are appointed
via the DTI and authorised to issue ISO 27001 certificates.
The certificate is normally valid for three years and is
dependent on periodic visits by the certification body.
ISO 27001 therefore enables customers to satisfy themselves
that an organisation manages security effectively.
Why is ISO 27001 important?
ISO 27001 is an international yardstick by which customers,
suppliers and other parties can measure the effectiveness
of an organisation’s management of information security.
Rather than having to rely solely on their own judgement,
ISO 27001 allows customers (at no cost to themselves) to
use a qualified third party to verify whether the organisation’s
security is well managed.
The fact that you have a security policy, procedures, firewalls,
encryption etc tells customers that you have a security
management system. Showing them an ISO 27001 certificate
tells them whether it is any good.
More and more organisations are gaining ISO 27001
certification

What does
this mean for you?
As a buyer you can use ISO 27001 certification as a selection
criterion. Make sure that those suppliers who have access
to your sensitive or critical business information have
an ISO 27001 certificate. You can check the list of certificated
suppliers at www.iso27001certificates.com
If your business involves processing customer-owned information
then you should apply for an ISO 27001 certificate. You
can use this to assure your customers that you protect their
data. Check www.iso27001certificates.com
to see whether your competitors have ISO 27001 certification.
If they don't, you have a great opportunity to gain an advantage.
vvvvvvvDiscover how
to obtain certification by using our unique Guide
to Information Security and achieving ISO 27001 certification
You will need a username and password. Contact
us to apply for yours if you haven't used the
site before or if you have forgotten your password.
The Guide is available free of charge to the public sector
and suppliers of outsourced services.
Back to Information Security
| Back to top