British Standards Institute updates BS7799 security

The British Standards Institute (BSi) has updated the BS7799 security standard in a move to encourage businesses to establish processes for managing IT security.

Speaking at the launch of the new standard, e-commerce minister Stephen Timms said: "Information security management will more readily be mainstreamed as a business issue rather than being marginalised as a technical issue. It will help senior management take an active interest in how their online businesses are secured."

The new version of the standard promises to make it easier for businesses to acquire BS7799 certification. It is also designed to integrate more closely with other business management standards, such as the ISO 9001 quality standard.

BS 7799: Part 2 adds a "plan-do-check-act" process to the original BS7799 standard. The BSi said this provides businesses with a management system approach to developing, implementing and improving the effectiveness of an organisation's information security management system.

The standard supports the following process:
  • Plan - business risk analysis
  • Do - internal controls to manage the applicable risks
  • Check - a management review to verify effectiveness
  • Act - action as necessary

According to the BSi, the revised standard has improved the definition and clarification of the links between the risk assessment process, the selection of controls, and the contents of the Statement of Applicability. It also includes guidance on how to use the new edition.
