ISO17799 Toolkit Implementation

By InfosecMN
Has anyone implemented the ISO17799 Toolkit? Were the questionnaires/checklists/policies etc. valuable? Could they be used immediately, or did they require lots of customization? I know there is no cookie-cutter approach, but I would like to know if the toolkit is a good approach or if doing the pieces individually makes more sense.

This conversation is currently closed to new comments.

All Comments

by gadgetgirl In reply to ISO17799 Toolkit Implemen ...

This ISO has now changed to 27001, and has changed drastically, insofar as it is now written in English, not gobbledygook! There is a conversion tool, though, on the BSI website (

The questionnaires were invaluable, and didn't need tweaking; the checklists don't apply to everyone, but covered many basics, and could be built upon. The policies are totally different, and need to be customised to your own setting. Reading them does give you the right idea though, and gives you something to aim at.

Doing the pieces individually makes more sense if it is a small company; however, the toolkit would be the only way to go on corporates over around the 2000 employee mark - individualising for that many people would make for an awful lot of paperwork for yourself.

Please peer mail me if you need specifics on this, I've done 7799 once, and am about to do it again (for my sins!)

by InfosecMN In reply to

Poster rated this answer.

by InfosecMN In reply to ISO17799 Toolkit Implemen ...

This question was closed by the author
