KÜRT – Data Recovery and Information Security

ISO 27002

(Previously ISO 17799:2005, BS 7799-1:1999)

The ISO 27002 (Code of Practice for Information Security Management) differs from earlier Information Security recommendations in one essential respect: it derives the security requirements and provisions from the organisation's business objectives and strategy. It replaces the previous product-oriented approach, with its definitions of evaluation, certification and qualification processes, with an approach centred on information security management at the organisational level. The ISO 27002 standard does not set requirements (and therefore no certification can be obtained in relation to it); rather, similarly to the ISO 9000 standards pertaining to quality assurance, it sets out the organisational and regulatory criteria for establishing comprehensive Information Security.
