ISO 27001 links
Telephone
+44 (0)1799 506151
for further
information
ISO 17799 guidelines |
 |
ISO 17799 is the international standard of control objectives (guidelines) which you are obliged to select from (or justify exclusions from) when implementing an ISMS under ISO-27001.
ISO 17799 is not an auditable standard in itself. You may audit each and every control in isolation, but this does not for a system without the inclusion of management in a Plan, Do, Check, Act cycle. This is how ISO 17799 is neatly fitted into ISO 27001. The latest set of guidelines (2005) were only marginally updated from the previous standard. Suffice to say that they are detailed and extend to nearly 130 controls which require addressing as part of your ISMS.
These controls are split into the following sub headings, to give you an idea of the sort of things that is covered (not just IT!):
- Risk Assessment and Treatment
- Security Policy
- Organisation of Information Security
- Asset Management
- Human Resources Security
- Physical and Environmental Security
- Communications and Operations Management
- Access Control
- Information Systems, Acquisition, Development and Maintenance
- Information Security Incident Management
- Business Continuity Management
- Compliance
All of these have various subsets addressing what should be every single aspect which could affect the integrity, confidentiality and availability of your information assets.