ISO 17799, the Code of Practice for Information Security Management, was adopted by the International Organization for Standardization in December, 2000. It was derived almost entirely from the British Standard of the same name, BS 7799, which was adopted from the 1993 Code of Practice for Information Security.

Used originally in the UK, it has an accompanying certification scheme to help organizations meet the standard, which is organized in 10 control categories:

The purpose of ISO 17799 is to ensure compliance against the standard, in contrast to methodologies like the SAS 70, which mostly provides a reporting format.

Log in or register to write something here or to contact authors.