Quality Digest

Standards

Improved ISO/IEC 17799 Standard Makes Information More Secure

Published: Tuesday, July 12, 2005 - 22:00

An improved version of ISO/IEC 17799, which has become the e-commerce community’s international benchmark for information security management, was recently published. The new version broadens the standard’s definition of information security, providing best business practices, guidelines and general principles for implementing, maintaining and managing information in any organization, and producing and using information in any form. The new version also identifies the controls that form the starting point for information security, addressing asset management; human resources; physical and environmental security; communications and operations management; information systems acquisition, development and maintenance; incident management; business continuity; and compliance. It’s designed for organizations of all sizes, public or private.

The revised standard recognizes that the level of security that can be achieved purely through technical means is limited. The required level of security, established by weighing the levels of risk and the associated costs of security breaches against the costs of implementing security, should always be driven by appropriate management controls and procedures.

“Users of this standard can also demonstrate to business partners, customers and suppliers that they’re fit enough and secure enough to do business with, providing the chance for them to turn their investment in information security into business-enabling opportunities,” says Ted Humphreys, convener of the working group that developed the standard.

ISO/IEC 17799:2005 is a code of practice for information security management, but it’s not suitable for certification purposes.

For more information, visit www.iso.org.

About The Author

Quality Digest

For 40 years Quality Digest has been the go-to source for all things quality. Our newsletter, Quality Digest, shares expert commentary and relevant industry resources to assist our readers in their quest for continuous improvement. Our website includes every column and article from the newsletter since May 2009 as well as back issues of Quality Digest magazine to August 1995. We are committed to promoting a view wherein quality is not a niche, but an integral part of every phase of manufacturing and services.