ISO/IEC 17799

Published under Risk Management

ISO/IEC 17799:2005

Product identity card

General information
Basic information to identify the product

Method or tool name : Information technology- Security techniques - code of practice for information security management
Vendor name : ISO
Country of origin : International (organisation based in Switzerland)

Level of reference of the product
Details about the type of initiator of the product

International Standardization body : ISO

Specify the phases this method supports and a short description

R.A. Method phases supported

  • Risk identification : Standard is a good practice for initial threat identification indirectly implied.

R.M. Method phases supported

  • Risk treatment : Standard is a good practice for initial risk treatment indirectly implied.

Brief description of the product

  • This standard is of UK origin, but adapted to the international needs via ISO. This document shows what should be good practices in information processing. It is neither a method for evaluation nor for management of risks although a generic chapter refers to this issue. The document enlists various points that have to be taken into account to manage an information system suitably, even if some are not applicable within a specific company.

Date of the first edition, date and number of actual version

Date of first release : 2000
Date and identification of the last version : 2005, version 2

Useful links
Link for further information

Official web site :
User group web site : N/A
Relevant web site :

List the available languages that the tool supports

Availability in European languages : English, French

Specify the price for the method

<ul >
  • € 200

Page top


Target organisations
Defines the most appropriate type of organisations the product aims at

  • Government, agencies
  • Large companies
  • SME
  • Commercial CIEs
  • Non commercial CIEs

Specific sector : N/A

Geographical spread
Information concerning the spread of this tool

Used in EU member states : Many
Used in non-EU member states : Many

Level of detail
Specify the target kind of users

  • Management
  • Operational

License and certification scheme
Specify the licensing and certification schemes available for this method

Recognized licensing scheme : No
Existing certification scheme : Yes

Page top

Users viewpoint

Skills needed
Specify the level of skills needed to use and maintain the solution

  • To introduce : Standard
  • To use : Standard
  • To maintain : Standard

Consultancy support
Specify the kind of support available

Consultancy : Open market

Regulatory compliance
There is a given compliance of the product with international regulations

  • N/A

Compliance to IT standards
There is a compliance with a national or international standard

Trial before purchase
Details regarding the evaluation period (if any) before purchase of the product.

Availability : No

Maturity level of the Information system
The product gives a means of measurement for the maturity of the information system security

It is possible to measure the I.S.S. maturity level : No

Tools supporting the method
List of tools that support the product

Non commercial tools

Commercial tools

Technical integration of available tools
Particular supporting tools (see C-7) can be integrated with other tools

Tools can be integrated with other tools : No

Organisation processes integration
The method provides interfaces to existing processes within the organisation

Method provides interfaces to other organisational processes : Human resource management, change management, business continuity planning, audit

Flexible knowledge databases
It is possible to adapt a knowledge database specific to the activity domain of the company.

Method allows use of sector adapted databases : No

Browse the Topics

This site uses cookies to offer you a better browsing experience.
Aside from essential cookies we also use tracking cookies for analytics.
Find out more on how we use cookies.

Accept all cookies Accept only essential cookies