British Standards Institute updates BS7799 security

The British Standards Institute (BSi) has updated the BS7799 security standard in a move to encourage businesses to establish...

The British Standards Institute (BSi) has updated the BS7799 security standard in a move to encourage businesses to establish processes for managing IT security.

Speaking at the launch of the new standard, e-commerce minister Stephen Timms said: "Information security management will more readily be mainstreamed as a business issue rather than being marginalised as a technical issue. It will help senior management take an active interest in how their online businesses are secured."

The new version of the standard promises to make it easier for businesses to acquire BS7799 certification. It is also designed to integrate more closely with other business management standards, such as the ISO 9001 quality standard.

BS 7799: Part 2 adds a "plan-do-check-act" process to the original BS7799 standard. The BSi said this provides businesses with a management system approach to developing, implementing and improving the effectiveness of an organisation's information security management system:

The standard supports the following process:
  • Plan - business risk analysis
  • Do - internal controls to manage the applicable risks
  • Check - a management review to verify effectiveness
  • Act - action as necessary

According to the BSi the revised standard has improved the definition and clarification of the links between the risk assessment process, the selection of controls, and the contents of the Statement of Applicability. It also includes guidance on how to use the new edition.

Related article:
E-commerce minister calls for business to take responsibility for Net security >>



Enjoy the benefits of CW+ membership, learn more and join.

Read more on IT risk management

Start the conversation

Send me notifications when other members comment.

By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Please create a username to comment.