Full Disclosure mailing list archives

Re: BS7799/ISO17799


From: katbert () pc jaring my
Date: Fri, 23 Jan 2004 02:15:42 +0800

full-disclosure () lists netsys com
On Wed, 21 Jan 2004 09:36:16 -0800 n30 wrote:

How do I get BS 7799 / ISO 17799 certified? Googling gave me some
results on

Actually one can be certified only on BS7799 Pt 2 and not on ISO 17799.
The former specifies the requirements for an Information Security
Management System (ISMS) based on ISO 17799:2000/BS 7799 Pt1:2000.  ISO
17799 is just a guide to best practices in the management of information
security and hence is not certifiable, unlike BS7799 Pt 2, which lists
down the requirements for an ISMS.  Certification for BS7799 is available
from several international bodies, e.g. those accredited by UKAS
(http://www.ukas.com/information_centre/technical/technical_bs7799.asp).
Many local national certification bodies are also in the process of
getting accreditation from orgs like UKAS to be able to offer
certification for BS7799.

ISO17799:2000 itself is currently undergoing revision (see work done by
ISO/IEC JTC1 SC27/WG1).  In addition the ISO/IEC JTC1 SC27/WG1 is
currently working on an ISMS standard which if accepted should be an
alternative to BS7799.

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

