ISO17 -- Setting the Standard in Information Security Management

Founded in 1947 as a means of developing voluntary technical standards, ISO has touched almost every sector of business, industry and technology. At first, the vast majority of ISO Standards were highly specific, documenting technical specifications or other precise criteria to ensure consistency in materials, products, processes and services. Because of their technical nature, these standards were primarily targeted to engineers.

Forty years later, in 1987, ISO expanded its technical scope to create ISO 9000. This standard was broader and included standards for non-technical functions. In 1994 other specific standards were developed with ISO 9001, 9002 and 9003. These revised standards set out the requirements for an organization whose business processes included some element of design, development, production, installation and servicing. In 1996, ISO 14000 was established, bringing environmental awareness to the business community. Derived from the British standard BS 7799, ISO 17799 was released in December as the first international standard for the management if information security.

ISO JTC 1/ SC 27

ISO JTC 1/ SC 27 is the ISO technical committee responsible for developing and maintaining the ISO 17799 standard. JTC 1 is the only joint technical committee operating within ISO and it maintains responsibility for all Information Technology related standards. To date JTC 1 has published over 1640 standards with SC 27 responsible for publishing 39 of these standards. Today, SC 27, who has direct responsibility for ISO 17799 has members from 28 participating countries and observer countries numbering 12.

Courtesy of ISO