ISO 17799 or ISO17799, 2005

ISO 17799 2005

The ISO 17799 Code of Practice

ISO 17799 is without doubt the most well known information security related standard. The reasons for this are largely that it was the first ISO standard published in this area, and that, being a code of practice, the contents ate more closely aligned with everyday security issues than most other standard publications.

It should be noted immediately that certification is not offered against this particular standard. As a 'code of practice', it comprises a substantial number of suggested security controls, which may be selected from as appropriate (partly as determined by the methods outlined in ISO 27001 and similar documents). However, its level of operation does make it suitable for 'compliance' checking, which is widely offered.

The ISO 17799 standard began life as a document published by the UK Government's DTI. This quickly became BS7799, and BSI standard, and from there, was finally published as ISO 17799 in 2000.

In 20005 it was updated and published again, to reflect changes in technology and approaches to governance issues.

In 2007 it was renamed to ISO 27002, to take its place in the ISO 27000 series of information security related standards.



This is dedicated to technology related, particularly IT Governance related, information and documentation. It is also an archive for journals and technical newsletters. It is one of the oldest continually existing technical portals on the internet.

ISO 17799 Future
ISO 17799 was last published in 2005. However, it is expected that with its next upgrade (not expected soon!) it will be renamed as ISO 27002, to align with the ISO 27000 series of international security standards.