Certification against BS/ ISO

[NMS]

Folks - this is my first post to this forum.

I heard that organizaions can only be certified against 27001. They why we have BS17799? why two of them for the same purpose?

Please foucs some more light on this.

Thanks in advance

[SecAdmin]

The situation is straight forward: ISO 27001 replaced BS7799-2 last year (2006).

[Vonnie]

ISO27001 is what you certify to. It has statements such as 'Shall', it is black and white and if you dont meet the requirements of the standard you dont 'pass'. It does make some very good points and requires the development of a Risk Strategy & Treatment Plan etc...

ISO17799 provides the Code of Practice, and provides statements such as 'should' giving you the chance to choose what you implement as 'best practice', this can be used as guidance for 'compliance to'.
You cannot certify to ISO17799.

Hope that helps!

[Calvin]

Just to add...we still have BS7799 (not BS17799) around because a lot of companies are upgrading the certification to ISO27001.

However new certifcations are only given for ISO27001. (correct me if I am wrong here)

Calvin

[Vonnie]

Yep BS7799 (part 1) certifications are still valid, but companies can choose to move to ISO27001 or sit out until their certification expires.

ISO17799:2000 was updated to ISO17799:2005, but it too will change its name again to ISO27002 IN LATE 2007/8.!!

[Coffeeman]

Folks - this is my first post to this forum.

I heard that organizaions can only be certified against 27001. They why we have BS17799? why two of them for the same purpose?

Please foucs some more light on this.

Thanks in advance

[Rupert]

Hi,

I am having problems in finding someone who can certify our organisation in Australia for ISO27002.

I have tried:

PwC
KPMG
Standards Australia
SAI Global
JAS-ANZ

None of them certify in Australia.

Any Ideas?

[TomH]