ISO/IEC 27001

Published under Risk Management

ISO/IEC 27001 (BS7799-2:2002)

Product identity card

General information
Basic information to identify the product

Method or tool name : Information security management systems - Requirements
Vendor name : ISO (The former BS7799-2 was the responsibility of the British Standards Institute)
Country of origin : International (organisation based in Switzerland)



Level of reference of the product
Details about the type of initiator of the product

International Standardization body : ISO



Identification
Specify the phases this method supports and a short description

R.A. Method phases supported

  • Risk identification : Generic requirement that a threat identification has to be made through a recognized method, but no support is provided.

R.M. Method phases supported

  • Risk assessment: Generic requirement that risk assessment has to be made through a recognized method but no support is provided.
  • Risk treatment : Generic recommendation that risk treatment has to be made.
  • Risk acceptance : Indirectly implied through "statement of applicability".

Brief description of the product

  • This standard is dedicated to a process of certification. It enables the comparison of an information security management system through a series of controls. This standard does not cover risk analysis or certification of risk management. Of UK origin, this standard has been adopted by ISO with some modifications. A certificate granted according to this standard confirms the compliance of an organization with defined requirements for information security management and a set of security controls.


Lifecycle
Date of the first edition, date and number of actual version

Date of first release : 1993
Date and identification of the last version : 2005



Useful links
Link for further information

Official web site : http://www.iso.org/
User group web site : N/A
Relevant web site : http://www.xisec.com/
Relevant web site : http://www.17799.com/



Languages
List the available languages that the tool supports

Availability in European languages : English, French



Price
Specify the price for the method

  • € 130



Scope

Target organisations
Defines the most appropriate type of organisations the product aims at

  • Government, agencies
  • Large companies

Specific sector : N/A



Geographical spread
Information concerning the spread of this tool

Used in EU member states : Many
Used in non-EU member states : Many



Level of detail
Specify the target kind of users

  • Management
  • Operational


License and certification scheme
Specify the licensing and certification schemes available for this method

Recognized licensing scheme : Yes
Existing certification scheme : Yes




Users viewpoint

Skills needed
Specify the level of skills needed to use and maintain the solution

  • To introduce : Specialist
  • To use : Standard
  • To maintain : Standard


Consultancy support
Specify the kind of support available

Consultancy : Open market & Company specific



Regulatory compliance
There is a given compliance of the product with international regulations

  • N/A


Compliance to IT standards
There is a compliance with a national or international standard



Trial before purchase
Details regarding the evaluation period (if any) before purchase of the product.

Availability : No



Maturity level of the Information system
The product gives a means of measurement for the maturity of the information system security

It is possible to measure the I.S.S. maturity level : No



Tools supporting the method
List of tools that support the product

Non commercial tools

Commercial tools



Technical integration of available tools
Particular supporting tools (see C-7) can be integrated with other tools

Tools can be integrated with other tools : No



Organisation processes integration
The method provides interfaces to existing processes within the organisation

Method provides interfaces to other organisational processes : Human resource management, business continuity planning.



Flexible knowledge databases
It is possible to adapt a knowledge database specific to the activity domain of the company.

Method allows use of sector adapted databases : In commercial tools
