ISO 27001, titled "Information Security Management - Specification With Guidance for Use", is the replacement for BS7799-2. It is intended to provide the foundation for third party audit, and is 'harmonized' with other management standards, such as ISO 9001 and ISO 14001.
The basic objective of the standard is to help establish and maintain an effective information management system, using a continual improvement approach. It implements OECD (Organization for Economic Cooperation and Development) principles, governing security of information and network systems.
The Contents of the Standard
The broad content is of course similar to the old BS7799. Included is:
1.Cross reference with ISO 17799 controls
2.Use of PDCA
3.Information Management System
4.Tems and definitions