Out-Law News

ISO 27001: a new standard for information security


A new international standard to help business suppliers and customers have greater confidence in each other, knowing that their IT management systems are more secure, was launched this week at a conference in London.

Based on Part 2 of the original British Standard BS 7799, ISO 27001 will make it easier for companies to incorporate information security into their overall management system. Companies that are already ISO 9001 compliant on quality management should be more able to adopt this standard. Part 1 of BS 7799 is already a well-known international standard: it became ISO 17799 in 2000.

At the fourth international 7799 Goes Global Conference, Minister of State for Industry and the Regions, Rt. Hon Alun Michael MP said: "Setting standards is difficult when our society is so risk averse, believing that it's someone's fault for everything that goes wrong – and yet we stick our heads in the sand and just hope that our computer system won't be targeted or attacked."

Welcoming the new information security initiative, Alun Michael continued: "The launch of a new international information security standard ISO 27001 is a milestone in recognising the importance of good practice in the IT sector."

He described the standard as a valuable tool that all organisations can use to manage the security of their information assets as a core business activity. This can bring information security into the mainstream of good business practice.

"Secure information should be at the heart of business thinking and not a technical issue," he said. "The standard will be used as a benchmark and will help suppliers and customers have greater confidence in doing business with each other."
