The ISO 27001 standard was published in October 2005, essentially replacing the old BS7799-2 standard. It is the specification for ISMS, an Information Security Management System. BS7799 itself was a long standing standard, first published in the nineties as a code of practice. ISO 27001 enhanced the content of BS7799-2 and harmonized it with other standards. A scheme has been introduced by various certification bodies for conversion from BS7799 certification to ISO27001 certification.
ISO 27001, titled "Information Security Management - Specification With Guidance for Use", is the replacement for the original document, BS7799-2. It is intended to provide the foundation for third party audit, and is 'harmonized' with other management standards, such as ISO 9001 and ISO 14001.
The basic objective of the standard is to help establish and maintain an effective information management system, using a continual improvement approach. It implements OECD (Organization for Economic Cooperation and Development) principles, governing security of information and network systems.