ISO 17799, the Code of Practice for Information Security Management, was adopted by the International Organization for Standardization (ISO) in December 2000. It was derived almost entirely from the British Standard of the same name, BS 7799, which in turn grew out of the 1993 UK Code of Practice for Information Security. Used originally in the UK, it is accompanied by a certification scheme (BS 7799 Part 2) against which an organization's security management can be assessed and certified. The standard itself is organized into 10 control categories.

The purpose of ISO 17799 is to specify which security controls an organization should have in place, so that compliance can be measured against the standard. This is in contrast to methodologies such as SAS 70, an auditing standard that mostly prescribes a reporting format for an auditor's findings rather than a set of required controls.