BS 7799

A BS 7799 certificate proves that your Information Security Management System has been measured against a best practice standard and found compliant. Issued by a third party certification body/registrar, the certificate proves that you have taken necessary precautions to protect sensitive information against unauthorised access and changes.

The standard for information security management is the result of industrial, governmental, and commercial demands. It provides a common framework enabling businesses to develop, implement, and effectively measure information security management practices.

The standard consists of two parts:

  • ISO/IEC 17799 is the best practice guideline for implementing information security. It was developed by the International Organization for Standardization (ISO).

  • BS 7799 Part 2 is the specification used for certification.

Protecting your assets
The standard takes a comprehensive approach to information security. Assets that need protection range from digital information, paper documents, and physical assets (computers and networks) to the knowledge of individual employees. Issues you have to address range from competence development of staff to technical protection against computer fraud.

BS 7799 will help you protect your information in terms of:

  • Confidentiality: ensuring that information is accessible only to those authorised to have access.

  • Integrity: safeguarding the accuracy and completeness of information and processing methods.

  • Availability: ensuring that authorised users have access to information and associated assets when required.

In line with other management system standards
The September 2002 revision of Part 2 of the standard has made it easier to integrate with other management systems. The result is:

  • Harmonisation with management system standards like ISO 9001 and ISO 14001.

  • Emphasis on continual process improvement of your information security management system.

  • Clarification of requirements for documentation and records.

  • Involved risk assessment and management processes using a Plan, Do, Check, Act (PDCA) process model.

The revision also includes reference to the new OECD Guidelines for the Security of Information Systems and Networks: Towards a Culture of Security, which you can download under "related info" on the right.

Where do I go from here?
For third party certification, you need to implement an effective Information Security Management System complying with the requirements of the standard. The first step is to get on the road to certification.



RELATED INFO
  links:
BSI-DISC on BS 7799
  downloads:
Information Security Management brochure (pdf)
OECD guidelines (pdf)
   
privacy statement | © 2009 det norske veritas | terms of use