Re: ISO 17799 vs BS 7799

From: Phil Fites (
Date: 02/27/03

From: Phil Fites <>
Date: Thu, 27 Feb 2003 02:27:21 GMT

ISO/IEC IS17799:2000 differs significantly from BS7799; in
particular, many things that are specific to UK laws and
regulations were altered or removed. Also, BS7799 has a "Part 1"
and a "Part 2"; Part 2 is rather larger and contains specific
measures to which conformity or compliance can be assessed. ISO
17799 has no "Part 2" and the decision by SC27 is that it will not.

Among other things, this means that "audits" for "conformity" to
IS17799:2000 are not possible. From the "Statement related to
use of ISO/IEC 17799 in Canada", Sept. 2002, "There is no
conformity assessment or compliance scheme associated with the
current version of IS 17799, nor is one currently planned for the
revised version. Any and all claims of a conformity assessment
or compliance scheme for IS 17799 are without basis."

ISO/IEC IS17799:2000 is undergoing extensive changes as part of
the process of resolving 658 "defect reports" filed in the first
months after it was published. It is hoped that this can be
completed in time for approval of a new standard to replace ISO
17799-2000 at the SC27 plenary in April-May 2004.

As for "up to date", the ISO standard was finalized in late 2000
after incorporating changes approved at the Tokyo meetings in
October 2000, and the standard has not changed yet. I have no
information about later versions of BS7799.

Eirik Seim wrote:
> On 26 Feb 2003 15:14:00 -0800, Toby Hobson wrote:
>> Hi
>> Could anyone give me a brief overview of the difference between the
>> two standards. In particular which standard is most up to date?
> Last I heard, ISO 17799 is what BS 7799 was in 2000, and the BS 7799 from
> 2002 extends beyond ISO 17799. Try google, there are tons of sites that
> deals with these standards.
> Reading what I wrote above, I realized this must be the most brief overview
> I've ever seen :)
> - Eirik

Relevant Pages

  • Re: Splitting a string
    ... Nope - I'm working from ISO/IEC 9899, which puts string handling at ... The official ISO C standards are available for not horribly too much ... N1256 contains the 1999 ISO C standard with all three Technical ...
  • Re: Is C99 C?
    ... 1992 which complied with C90 but not C99, is it no longer a C program? ... I think the standard refers to C99 as "C" out a matter of convenience ... ISO C99 standard intends to do. ... ISO/IEC 9899:1990, as amended and corrected by ISO/IEC ...
  • Re: Info about the GNU C Compiler...?
    ... Standard, which was later adopted by ISO as ISO/IEC 9899:1990. ... It does not claim to conform to the later 1999 ISO Standard, but does in fact support most of that Standard's changes to C. ...
  • Re: Ada 2005
    ... it only becomes an *official* ISO standard ... the updated Ada language definition ... Final ISO/IEC ballot approves Ada amendment ...
  • Re: man -t odd page size
    ... > ISO compliant document whereas a small minority benefits from having non ... theory shouldn't the FreeBSD lists, docs and code all be in Chinese? ... A4 isn't a DIN standard anymore, ...