Ace the 2025 Certified Governance Risk & Compliance (CGRC) Challenge – Navigate the Governance Maze with Confidence!

BS 7799 was a series of British standards that provided a framework for information security management. In November 2005, ISO/IEC 27001 was specifically developed as the standard that details the requirements for establishing, implementing, maintaining, and continually improving an information security management system (ISMS). This standard was directly based on Part 2 of BS 7799, which focused on the specification for an ISMS.

Part 1 of BS 7799 provided guidelines for information security management, and while it laid the groundwork, it was not adopted in the same way as Part 2. The introduction of ISO/IEC 27001 marked a significant step towards standardizing information security practices globally, which was initiated by the specifications outlined in Part 2. Therefore, it is accurate to say that the adoption of Part 2 of BS 7799 as ISO/IEC 27001 is a crucial aspect of understanding the evolution of information security standards.