ISO 17799 Series of International Standards for Information Security Management Systems (ISMS)  

Information is now globally accepted as being a valuable asset for most organizations and businesses. As such, it is essential to ensure the confidentiality, integrity, and availability of both vital corporate information and customer information. The ISO 17799 (BS7799) series defines the standards necessary to introduce, maintain and continuously improve effective Information Security Management Systems in a business.

To obtain ISO 17799 certification, a company is required to define, manage and control its information security across the following sections:

  •   A well-promulgated Security Policy
  •   The classification, organization & control of assets and resources
  •   Personnel security
  •   Physical and environmental security
  •   Communications and operations management
  •   Access control
  •   Systems development and maintenance
  •   Business continuity management
  •   Compliance controls  

Each section contains the actual clauses and controls that comprise the standard.