BS7799 vs. ISO17799


Both ISO17799 and BS7799 are standards pertaining to the security of information systems. BS7799 was originally issued by the British Standard Institute in 1995, then upgraded in 1999. Later, in 2000, it was adopted by the ISO and, with some modifications, became the ISO 17799 standard for international use.

The ISO technical committee, called ISO/IEC JTC 1, is presently responsible for all information technology related standards. The ISO released the ISMS in the year 200, and BS7799 now formally refers to this standard. The ISMS lays down specific guidelines on IS management practices. Although the ISMS can be described as a recommendatory standard, the ISO recommends that each recommendation under the ISMS be considered independently as you work to improve IS security in your organization, since there is no obligation to follow these recommendations.

Your security needs are the ultimate deciding factor in accepting or declining the use of the BS7799 standards. Each recommendation should be viewed independently: if it meets the needs of your organization, you can accept and use it; otherwise, simply discard it. Both BS7799 and ISO17799 are recommendatory and not obligatory in nature. The two standards complement each other and share a common open-ended approach to issues of information security and controls, namely: security of electronic files, data and software; other digital images and audio and video recordings; communications; and so on, all of which constitute “information”.

Whether the information listed above is in physical or electronic form, it needs proper protection, like any other asset of the organization. All kinds of information need protection, along with the infrastructure required to use that information, which includes the computer systems, servers and networks that are the backbone of any modern organization. BS7799 and ISO17799 both tell us how we can protect our valuable ‘information’ assets.