British coming to push standard on data security

British coming to push standard on data security

By William Jackson

GCN Staff

The British Standards Institution is working to drum up interest among systems and network administrators on this side of the Atlantic in its newly adopted standard for information security management.

'In the U.S., you have no equivalent document' to BS 7799, said Kay Ruddeforth, BSI product manager, at the recent SuperComm '99 trade show in Atlanta.

Ruddeforth said BS 7799, which received final approval in April, has been submitted to the International Standards Organization for adoption.

She said at least one U.S. company, Internet commerce vendor CyberSource Corp. of San Jose, Calif., has announced its intent to obtain BS 7799 certification from BSI, which has offices in Reston, Va. But, she said, she has not received any expression of interest from the U.S. government.

Reg Blake, BSI regulatory affairs manager, said the Defense Department has scrutinized BSI's project management standards, however.

The British standard is not mandated by the European Union's directive on data security, but if compliance with EU security standards becomes necessary for doing business in Europe, BS 7799 could become widespread in the United States.

Code and specs

BS 7799 has two parts: a code of practice for information security management and specifications for information security management systems.

Part 1 covers best practices for risk assessment and control related to topics ranging from mobile computing to site housekeeping. Part 2 deals with designing and implementing an information security system, documenting it and managing a security policy.

The standard can be applied at different security levels depending on an organization's identified threats and associated risks.


  • business meeting (Monkey Business Images/

    Civic tech volunteers help states with legacy systems

    As COVID-19 exposed vulnerabilities in state and local government IT systems, the newly formed U.S. Digital Response stepped in to help. Its successes offer insight into existing barriers and the future of the civic tech movement.

  • data analytics (

    More visible data helps drive DOD decision-making

    CDOs in the Defense Department are opening up their data to take advantage of artificial intelligence and machine learning tools that help surface insights and improve decision-making.

Stay Connected