Welcome to the ISO 27002 and ISO 27001 Information Security
Directory, the source of information, background and compliance resources
dedicated exclusively to these two emerging standards.
What Are ISO 27001 and ISO 27002?
ISO 27002 is of course based upon the 17799 standard, and is described as a set of controls setting out "best practices in
information security". These controls are intended to be selected from
whilst implementing a security strategy. The document was originally published by the DTI
in the United Kingdom as a 'code of practice', and later went on to be published
as BS7799-1. This was later republished as ISO 17799 (which was again updated in
2005). This in turn became ISO 27002 in 2007.
ISO 27001 is a specification for an ISMS, an Information Security
Management System. This was formally published by the BSI as BS7799-2 in 2002.
In essence it describes the overall management model, within which controls from
ISO 27002 are selected as appropriate.
The Table of Contents of ISO 27002
The controls within ISO27002 reflect 17799 and are organized into
The current standard also includes chapters covering Scope, Structure and Terms &
Implementation and Certification
Certification is against ISO 27001 rather than ISO 27002/17799, and will remain
however, involves both of these standards, and of course is a pre-requisite of
The benefits can be wide and varied, as the introduction of a confirmed
status in terms of information security practice can often be used to leverage
wider market advantage. This in itself is a significant driver for greater
uptake of the standard itself.
Where to Start
Hopefully, the ISO 27002 and ISO 27001 Security Directory can help
kick-start the process. By selecting the options on the left you will be able to obtain a copy of
the standards themselves, view supporting security policies and software, and
access a range of other useful resources/items.
If you need further help, or perhaps wish to send some feedback on this website, please use the form on our feedback