BS7799 / ISO17799
Compliance, Certification and Accreditation
To avoid confusion, here is a brief definition of these three terms in the context of an Information Security Management System (ISMS):
Compliance is a self-assessment carried out by an organization in order to verify whether a system that has been implemented complies with a standard.
Certification (also called registration) is conferred by an accredited certification body when an organization successfully completes an independent audit, thus certifying that the management system meets the requirements of a specific standard, for example BS7799-2. A company may comply with ISO 17799, but certification is only possible with BS7799.
Accreditation consists of the means by which an authorized organization (the accreditation body) officially recognizes the authority of a certification body to evaluate, certify and register an organization's ISMS with regard to published standards.