ISO 17799

December 2016

Introduction to ISO 17799

Stemming from the British standard BS 7799, the ISO 17799 standard gives guidelines and recommendations for security management.

Standard 17799 also provides a framework for identifying and implementing solutions to risks in the following areas:

  • Security Policy: write and communicate the company's security policy
  • Security Organisation: define roles and responsibilities. Monitor partners and outsourced business
  • Asset Classification and Control: take an inventory of company assets and define how critical they are and their associated risk
  • Personnel Security: hiring, training and raising security awareness
  • Physical and Environmental Security: security area, inventory of security equipment
  • Communication / Operations Management: accident procedures, recovery plan, definition of levels of service and recovery time, protection against malicious programs, etc.
  • Access Control: setting up access controls at different levels (systems, networks, buildings, etc.)
  • System Development and Maintenance: taking security into account in systems from design to maintenance
  • Business Continuity Planning: defining needs in terms of availability, recovery time and setting up emergency exercises
  • Compliance: respecting copyrights, the law and company regulations

This document entitled « ISO 17799 » from CCM (ccm.net) is made available under the Creative Commons license. You can copy and modify copies of this page, under the conditions stipulated by the license, as long as this note appears clearly.