BS 7799-2:2002 - Information security management. Specification with guidance for use – BSI British Standards

BS 7799-2:2002

Information security management. Specification with guidance for use

Status: Superseded, Withdrawn
Published: September 2002
Replaced By: BS ISO/IEC 27001:2005/BS 7799-2:2005

*To ask about withdrawn titles, contact Customer Relations, +44 345 086 9001


This standard specifies the requirements for establishing, implementing, operating, monitoring, reviewing, maintaining and improving a documented ISMS within the context of the organization's overall business risks. It specifies requirements for the implementation of security controls customized to the needs of individual organizations or parts thereof (see Annex B, which provides informative guidance on the use of this standard).

The ISMS is designed to ensure adequate and proportionate security controls that protect information assets and give confidence to customers and other interested parties. This can be translated into maintaining and improving competitive edge, cash flow, profitability, legal compliance and commercial image.


The requirements set out in this British Standard are generic and are intended to be applicable to all organizations, regardless of type, size and nature of business. Where any requirement(s) of this standard cannot be applied due to the nature of an organization and its business, the requirement can be considered for exclusion.

Where exclusions are made, claims of conformity to this standard are not acceptable unless such exclusions do not affect the organization's ability, and/or responsibility, to provide information security that meets the security requirements determined by risk assessment and applicable regulatory requirements. Any exclusion of controls found to be necessary to satisfy the risk acceptance criteria needs to be justified, and evidence needs to be provided that the associated risks have been properly accepted by accountable people.

Excluding any of the requirements specified in Clauses 4, 5, 6 and 7 is not acceptable.

Standard Number: BS 7799-2:2002
Title: Information security management. Specification with guidance for use
Status: Superseded, Withdrawn
Publication Date: 05 September 2002
Withdrawn Date: 18 October 2005
Normative References (required to achieve compliance with this standard): No other standards are normatively referenced
Informative References (provided for information): No other standards are informatively referenced
Replaced By: BS ISO/IEC 27001:2005/BS 7799-2:2005
Replaces: BS 7799-2:1999
Draft Superseded By: 01/682010 DC
Descriptors: Data processing, Computers, Anti-burglar measures, Management, Data security, Data storage protection, Information systems, Documents, Records (documents), Classification systems, Computer technology, Computer networks, Technical documents, Maintenance, Information exchange
ISBN: 0 580 40250 9
File Size: 918.5 KB
