ISO/IEC 27001

Published under Risk Management

ISO/IEC 27001 (BS7799-2:2002)

Product identity card

General information
Basic information to identify the product

Method or tool name : Information security management systems - Requirements
Vendor name : ISO (The former BS7799-2 was the responsibility of the British Standards Institute)
Country of origin : International (organisation based in Switzerland)



Level of reference of the product
Details about the type of initiator of the product

International Standardization body : ISO



Identification
Specify the phases this method supports and a short description

R.A. Method phases supported

  • Risk identification : Generic requirement that a threat identification has to be made through a recognized method, but no support is provided.

R.M. Method phases supported

  • Risk assessment: Generic requirement that risk assessment has to be made through a recognized method but no support is provided.
  • Risk treatment : Generic recommendation that risk treatment has to be made
  • Risk acceptance : Indirectly implied through "statement of applicability".

Brief description of the product

<ul >
  • This standard is dedicated to a process of certification. It enables the comparison of an information security management system through a series of controls. This standard does not cover risk analysis or certification of the Risk Management. Of UK origin, this standard has been adopted by ISO with some modifications. A certificate granted according to this standard confirms the compliance of an organization with defined requirements to information security management and a set of security controls.


Lifecycle
Date of the first edition, date and number of actual version

Date of first release : 1993
Date and identification of the last version : 2005



Useful links
Link for further information

Official web site : http://www.iso.org/
User group web site : N/A
Relevant web site : http://www.xisec.com/
Relevant web site : http://www.17799.com/



Languages
List the available languages that the tool supports

Availability in European languages : English, French



Price
Specify the price for the method

  • € 130


Page top

Scope

Target organisations
Defines the most appropriate type of organisations the product aims at

  • Government, agencies
  • Large companies

Specific sector : N/A



Geographical spread
Information concerning the spread of this tool

Used in EU member states : Many
Used in non-EU member states : Many



Level of detail
Specify the target kind of users

  • Management
  • Operational


License and certification scheme
Specify the licensing and certification schemes available for this method

Recognized licensing scheme : Yes
Existing certification scheme : Yes



Page top

Users viewpoint

Skills needed
Specify the level of skills needed to use and maintain the solution

  • To introduce : Specialist
  • To use : Standard
  • To maintain : Standard


Consultancy support
Specify the kind of support available

Consultancy : Open market & Company specific



Regulatory compliance
There is a given compliance of the product with international regulations

  • N/A


Compliance to IT standards
There is a compliance with a national or international standard



Trial before purchase
Details regarding the evaluation period (if any) before purchase of the product.

Availability : No



Maturity level of the Information system
The product gives a means of measurement for the maturity of the information system security

It is possible to measure the I.S.S. maturity level : No



Tools supporting the method
List of tools that support the product

Non commercial tools

Commercial tools



Technical integration of available tools
Particular supporting tools (see C-7) can be integrated with other tools

Tools can be integrated with other tools : No



Organisation processes integration
The method provides interfaces to existing processes within the organisation

Method provides interfaces to other organisational processes : Human resource management, business continuity planning.



Flexible knowledge databases
It is possible to adapt a knowledge database specific to the activity domain of the company.

Method allows use of sector adapted databases : In commercial tools

We use cookies on our website to support technical features that enhance your user experience.
We also use analytics. To opt-out from analytics, click for more information.

I've read it More information