ISO 27001, ISO 27002 & ISO17799 User Group: Forums
17799.Com :: View topic - ISO 17799 2005 Released Today
Posted: Mon Jul 04, 2005 9:24 pm Post subject: Impact of BS ISO/IEC 27001:2005 standard on certification
If your planned date of certification occurs before release of the New Standard, your Statement of Applicability must conform to the Old Standard for your certification.
If your planned date of certification is after release of the standard, your Statement of Applicability will need to conform to the New Standard at certification. Any current ISMS projects aimed at achieving certification after release of the New Standard should consider starting the conversion process now.
If you have an existing ISMS which is due for re-certification after the release of the New Standard, you will have to convert your ISMS so that it complies with the New Standard before you can be re-certified.
The certification (or re-certification) process will be similar to that of the ISO 9000:94 to 9000:2000 transition. At some point the "old" certificates will cease to be valid and the ISMS will eventually need to be adjusted to the new standard (Quote from BSI: "Once BS ISO/IEC 27001 is published the old BS 7799-2:2002 will be withdrawn. For those certified to BS 7799-2 there will be a transition period.")
- If you're already audited/certified according to BS7799-2:2002 you will have enough time to adjust your ISMS to the 27001 requirements.
- If you're near completion of your ISMS and are planning an audit/cert, I would suggest waiting for the 27001, adjusting your ISMS (based on 17799:2005) and going for the new standard certificate. This would be much easier than re-working a BS7799-2 certified ISMS.
- If you're in the early stages, there's no real problem as you are probably using the 2005 version of 17799 and have plenty of time to create your ISMS according to the new standards and requirements.
Judging from the 9000 transition, there should be ample time. The 9000:2000 standard was released in December 2000 and all "old" certificates (1994-based) ceased to be valid on 1/1/2003, so that gave people a good two years to adjust.
Also, note that 27001 has not been released yet (expected November 2005), so as soon as that happens, there will be more definite transition-end dates both from BS and ISO.
If I were you though, I would start planning the initial "generic" steps of the transition (assuming from your question that you have recently certified an ISMS). This may also include transition presentations/training offered by most national standards bodies or reputable certification bodies (BS and BVQI respectively pop to mind). These sessions are usually a day long and include mappings of the differences between the old and new standards and you get a pretty good idea of what the transition is all about (and how auditors will handle it!).