British coming to push standard on data security

British coming to push standard on data security

By William Jackson

GCN Staff

The British Standards Institution is working to drum up interest among systems and network administrators on this side of the Atlantic in its newly adopted standard for information security management.

'In the U.S., you have no equivalent document' to BS 7799, said Kay Ruddeforth, BSI product manager, at the recent SuperComm '99 trade show in Atlanta.

Ruddeforth said BS 7799, which received final approval in April, has been submitted to the International Standards Organization for adoption.

She said at least one U.S. company, Internet commerce vendor CyberSource Corp. of San Jose, Calif., has announced its intent to obtain BS 7799 certification from BSI, which has offices in Reston, Va. But, she said, she has not received any expression of interest from the U.S. government.

Reg Blake, BSI regulatory affairs manager, said the Defense Department has scrutinized BSI's project management standards, however.

The British standard is not mandated by the European Union's directive on data security, but if compliance with EU security standards becomes necessary for doing business in Europe, BS 7799 could become widespread in the United States.

Code and specs

BS 7799 has two parts: a code of practice for information security management and specifications for information security management systems.

Part 1 covers best practices for risk assessment and control related to topics ranging from mobile computing to site housekeeping. Part 2 deals with designing and implementing an information security system, documenting it and managing a security policy.

The standard can be applied at different security levels depending on an organization's identified threats and associated risks.


  • Records management: Look beyond the NARA mandates

    Pandemic tests electronic records management

    Between the rush enable more virtual collaboration, stalled digitization of archived records and managing records that reside in datasets, records management executives are sorting through new challenges.

  • boy learning at home (Travelpixs/

    Tucson’s community wireless bridges the digital divide

    The city built cell sites at government-owned facilities such as fire departments and libraries that were already connected to Tucson’s existing fiber backbone.

Stay Connected