FAQ: ISO 27002

The ISO 27002 & ISO 27001 Directory


THE FAQ: FREQUENTLY ASKED QUESTIONS

1) When was ISO 27002 released?

The standard actually began life in 1995 as the DTI Code of Practice in the UK. It was later published as BS7799-1 and then as ISO 17799 in 2000. The latest version of that was published in June 2005. ISO 27002 is more or less a re-badge of this version.

2) What is BS 7799?


BS 7799-1 was the original version of ISO 17799. However, in 2002 a different document, a specification for an ISMS, was published as BS 7799-2. This was republished as ISO 27001 at the end of 2005.

3) What is an accreditation body?

An accreditation body is an organization which can authorize others to "certify" third parties under the standard itself (BS7799-2 / ISO 27001). These tend to be national in nature. Examples include ANAB, UKAS, CNAB, RvA and SCC.

4) Who then is accredited to actually certify under the scheme?


BSI, BIS, CSBTS, AFNOR, SFS, DIN, NQA, ANSI, SABS, and a growing number of other organizations.

5) Who wrote the Standard?

A BSI/DISC committee originally created BS7799 in the UK. This was subsequently reviewed by ISO committee JTC 1/SC 27. A similar route was followed for ISO 27001.

6) Does certification last for ever?


No. Periodic reviews are required to maintain the status.