BS7799, BS 7799

What is BS 7799 (or BS7799)?

Some people consider it to be a moving feast, because superficially, it keeps changing! That isn't entirely accurate, however.

The original BS7799, later re-badged to BS7799-1, was the code of practice. This famously became ISO 17799 in 2000 after being fast-tracked through the ISO procedures. However, this was far from the end for BS 7799.

BS7799-2 was born. This wasn't a code, but a specification for an Information Security Management System. Perhaps with hindsight it could have been given a slightly different number (BS7798?), but it wasn't. Hence the start of the confusion. BS7799-2 was in fact the security standard against which certification could be obtained.

In 2005 BS7799-2 also went the way of ISO, and became ISO 27001. But even that wasn't the end of BS7799! BS7799-3 was born in March 2006! BS7799-3 offers guidelines for information security risk management. This is the current iteration of the standard named BS7799.



This website has been continuously serving the IT community since 1996. It has evolved and will continue to do so, but will continue to publish leading edge solutions and information. W3J is also an archive site for various technical journals (to be held in our soon to be launched library).

BS 7799 Future
It is possible (probable?) that BS7799-3 will follow the path of its predecessors, and become an ISO standard. As ISO 27005 has been set aside to cover security risk management, this may well be its ultimate destination. BS7799-4 anyone?