What is the ISO 17799 standard?

The ISO 17799 standard, in its latest version from the year 2000, is one of the key standards for implementing and certifying company management systems (i.e. quality, environmental and information management). The subject of certification is an implemented and documented information security management system (ISMS) within a company. This basically means that it covers all aspects of the acquisition, processing and storage of information through (but not limited to) information systems and company technologies.
History of the ISO 17799 standard
The ISO 17799:2000 standard is among the youngest but also the most mature standards in the area of company management. It originated as the UK national standard BS 7799, in whose development several significant global organizations also participated, with the aim of defining and applying best practices in the area of information security. Through its subsequent development and worldwide use it became an ISO standard.
Implementation procedure of the ISO 17799 standard

Implementing the ISO 17799 standard means building an ISMS within the organization. The basis is the PDCA life cycle, which is the same one used by the ISO 9000 and ISO 14000 families of standards. Within PDCA the organization carries out the following steps:

- Planning (P), where the aim is to establish security policies, plans, goals, processes and procedures related to risk management and to improving information security, so that they deliver results in accordance with the organization's overall policy and objectives.
- Doing (D), where the aim is to implement and operate the security policies, controls, processes and procedures for managing information.
- Checking (C), where the aim is to verify, and where possible measure, how the processes perform against the security policy, the targets and practical experience, and to provide the results to management for assessment.
- Acting (A), where the aim is to apply corrective and preventive actions based on the results of the management review, so that the ISMS is continuously improved.

The ISMS implemented by the organization can be subject to certification, which is carried out by accredited certification bodies.