Information technology – Security techniques – Information security management systems – Overview and vocabulary
ISO 27000 is derived from British Standard 7799, published in 1995 in three parts: BS 7799, ISO 17799 and ISO/IEC 27001. The first part of BS 7799, which dealt with best practices in information security, was included in ISO 17799. Part two, entitled ‘Information Security Management Systems’, was included in the ISO 27000 series in 2000. ISO 27000 certification can be used to indicate that an organization has achieved a certain level of information security.