BS 7799 was a British standard "Code of Practice for Information Security Management", first published as such by the British Standards Institution (BSI) in February 1995.
Subsequently, two further parts to BS 7799 were also published (the first becoming BS 7799 Part 1), by which time BSI had become BSI Group.
The original BS 7799 outlined a structured approach to the management of information security but was primarily a description of some 127 information security controls in 10 sections or categories. Each control was designed to address a specified control objective.
Some of the controls considered particularly important at the time were identified as 'key controls' indicated with a key icon in the margin.[1] Following pushback from the user and academic communities, however, the 'key control' concept was dropped when BS 7799 was revised in 1998. Users were encouraged to determine their own risks and objectives in order to select whichever controls were appropriate to their needs - a more fundamental and flexible approach applicable to organisations of all types, sizes and industries.
After a lengthy discussion by standards bodies through ISO/IEC, BS 7799-1 was eventually fast-tracked and adopted as ISO/IEC 17799, "Information Technology - Code of practice for information security management", in 2000. ISO/IEC 17799 was revised in June 2005, and renumbered ISO/IEC 27002 in July 2007 when it was incorporated into the growing ISO/IEC 27000 family of standards.
BS 7799 Part 2, "Information Security Management Systems - Specification with guidance for use", was first published by BSI Group in 1999 as a formal specification supporting conformity assessment and certification. BS 7799-2 explained how to design and implement an information security management system (ISMS) - a systematic approach to the governance and management of information security within an organisation. The 2002 version of BS 7799-2 introduced the Plan-Do-Check-Act (PDCA) cycle (the Deming cycle), aligning it with quality standards such as ISO 9000. BS 7799 Part 2 was adopted by ISO/IEC as ISO/IEC 27001 in November 2005.
BS 7799 Part 3 "Information security management systems - Guidelines for information security risk management" was first published by BSI Group in 2005. BS 7799-3 focuses on the identification, analysis, treatment and monitoring of information risks. It was adapted and adopted by ISO/IEC as ISO/IEC 27005 in 2008. Meanwhile, BS 7799-3 continues to evolve in parallel. It was revised in 2017 and a project was proposed in 2023 to simplify the guidance specifically for smaller organisations.[2]
[1] List, William. "BS 7799 The Code of Practice for information security management". academic.oup.com. Retrieved 30 November 2023.