ISO 17799
ISO 17799, published by the International Organization for Standardization in December of 2000, is internationally recognized as the basic standard for information security. Although the standard is entirely voluntary, as ISO is a non-governmental organization, it is increasingly becoming a market differentiator. The goal of ISO 17799 is to establish guidelines, principles, and practices to ensure the availability, integrity, and confidentiality of any information that has value in the eyes of an organization. In pursuit of this goal, the standard addresses everything from policy and procedures to computer and network management to personnel security.
Because ISO 17799 applies to many fields of work throughout the world, the standard is very broad and nonspecific. It does not prescribe any single type of technology that must be used, or any step-by-step method for carrying out the security standards. It merely provides a common basis and solid outline for the development of strong, effective information security procedures.
Conformity to ISO 17799 is not judged by the ISO organization itself. Instead, independent, specialized organizations use the guides and procedures established by ISO and its partner company, IEC (the International Electrotechnical Commission), to assess an organization’s conformity to the standard.
For more information about this topic, please contact us at info@globalseci.com
