Based on Part 2 of the original British Standard BS 7799, ISO
27001 will make it easier for companies to incorporate information
security into their overall management system, and companies that
are already ISO 9001 compliant on quality management should be
better able to adopt this standard. Part 1 of BS 7799 is already a
well-known international standard: it became ISO 17799 in 2000.
At the fourth international 7799 Goes Global
Conference, Minister of State for Industry and the Regions, Rt. Hon
Alun Michael MP said: "Setting standards is difficult when our
society is so risk averse, believing that it's someone's fault for
everything that goes wrong – and yet we stick our heads in the sand
and just hope that our computer system won't be targeted or
attacked."
Welcoming the new information security initiative, Alun Michael
continued: "The launch of a new international information security
standard ISO 27001 is a milestone in recognising the importance of
good practice in the IT sector."
He described the standard as a valuable tool that all
organisations can use to manage the security of their information
assets as a core business activity. This can bring information
security into the mainstream of good business practice.
"Secure information should be at the heart of business thinking
and not a technical issue," he said. "The standard will be used as
a benchmark and will help suppliers and customers have greater
confidence in doing business with each other."