ISO17799, BS 7799

ISO17799 Compliance

In the information security standards arena, 'compliance' is a carefully chosen word. It means checking the situation against the standard, usually ISO17799. It does NOT mean certification, which is an audited, certified status.

Quite often, compliance is seen as the forerunner to certification. It is sometimes viewed as "getting one's house in order" prior to the next step. It isn't actually quite that simple, but the idea is there.

There are various tools to assist and record compliance checking. However, many people simply use a spreadsheet. All approaches, though, work reasonably well with a standard such as 17799, with its many yes/no/not-applicable clauses.



This portal has been continuously serving the information technology community since 1996. It has evolved and will continue to do so, but will continue to publish leading edge solutions and information. It is also an archive site for various technical journals.

ISO17799 Solutions
We are considering the addition of a library of possible compliance tools for this standard. If we proceed, we will post the details on this page.