Let’s do a little refresher on the ISO 27001 and 27002 standards. Back in the nineties the British Standards Institution (BSI) published British Standard 7799, written by the UK Government’s Department of Trade and Industry. This standard consisted of two parts:
- Part 1 was a code of practice, which can be seen as an ‘extensive buffet’ of security controls that could be implemented to manage information security
- Part 2 contained the specifications on how to implement an ISMS; the Plan-Do-Check-Act cycle was introduced in a later release of this part
Later on, both parts were adopted by ISO. After some revisions and name changes the BS 7799-1 standard is nowadays known as the ISO 27002 standard, while the BS 7799-2 standard is now known as the ISO 27001 standard.