It’s about risk management in relation to information security. It covers all the necessary processes to manage information security risks.

Who is this standard for?

Every organization with information will benefit from using this standard, regardless of size or sector. In terms of role, it will be used by:

• GRC managers
• Security managers
• Operational managers
• Auditors
• Anyone responsible for implementing the requirements of the General Data Protection Regulation in their organization

Why should you use this standard?

It plugs the gap left between the international standard on information security risk management that was last published in 2011 (ISO/IEC 27005:2011) and the revised ISO/IEC 27001 which was published in 2013.

As such BS 7799-3:2017 provides essential support for the implementation of ISO/IEC 27001:2013 Information technology - Security techniques - Information security management systems – Requirements and all sectoral and application specific uses of that standard.

 NOTE: BS 7799-3:2017, or its successor(s), will be available until ISO/IEC publish a revised version of ISO/IEC 27005:2011, when it will be withdrawn.