Celebrating the outreach of information security management standards

Dr Edward Humphreys
ISO/IEC Convenor
14 Aug 2024

BS EN ISO/IEC 27001 is the high-profile, best-selling international information security management system (ISMS) standard.

BS EN ISO/IEC 27001 is recognized as the common international language that facilitates many opportunities for growth, trade, and harmonization across all market sectors and with national governments.

The standard has also become a game-changer for many organizations that seek to demonstrate conformance to international information security management requirements – it gives an organization the opportunity to have its ISMS independently assessed and certified. ISMS certification provides trust, assurance and confidence to business and trading partners, governments and consumers.

Evolution from a British to an international standard

The evolution of BS EN ISO/IEC 27001 has spanned more than thirty years, from the time it was a British Standard: BS 7799-2 Information security management - Code of practice for information security management in 1997 to its progress through ISO as BS EN ISO/IEC 27001 (first published in 2005). Under the leadership of Dr. Edward Humphreys (ISO/IEC Convenor) and the collective energy of the international community of experts, a business-oriented standard for top management was created and maintained for international use.

As is normal practice, BS EN ISO/IEC 27001 has been regularly reviewed and revised over three editions (2005-2022) to ensure the standard remains up to date with the needs of business today and incorporates improvements that continue to deliver trust and assurance in the organization’s ISMS.

Celebrating international cooperation

The development and maintenance of BS EN ISO/IEC 27001 has been a truly global project which has brought together professional experts from many National Standards Bodies (NSBs) and Liaison Organizations (LOs) around the world. The combined global expert opinions and contributions voiced the needs of the global market and its stakeholders, building a standard that is internationally recognized and acclaimed as the leading standard in the field of information security management.

The ISO group SC 27/WG 1 has championed the BS EN ISO/IEC 27001 project under the leadership of Dr Humphreys and the international team of world-class experts, from the time BSI submitted its standard BS 7799-2 into ISO in the early 21st century until today. BSI is to be applauded for its evolution of the initial standard through to the take-up and global outreach by ISO and its international partners. On behalf of the international community, there is much to celebrate to mark the success of BS EN ISO/IEC 27001: effective management of cyber risks and organizational information assets, giving global business a safe option, allowing international trade opportunities to flourish, and providing international certification across all market sectors. This international cooperation is a most noteworthy achievement of ISO, IEC and their members.

Global outreach and benefits

The impact of BS EN ISO/IEC 27001 has been a global sensation, having influenced both public and private businesses and industries alike, giving them protection to support their growth, development and investment. BS EN ISO/IEC 27001 is also being referenced in laws and regulations in many countries and in commercial contracts, as something mandated or highly recommended. It can be used as a business tool for providing resilience against cyber-attacks, giving wide protection for the confidentiality, integrity and availability of information and protecting from cyber risks. Today the BS EN ISO/IEC 27001 concept has grown into a set of international standards commonly called the BS EN ISO/IEC 27000 series that encompasses the standard itself and supporting standards and guidance for BS EN ISO/IEC 27001.

An international certification success

This year, 2024, is the 25th year of BS EN ISO/IEC 27001 accredited certification. Over these 25 years, certificates awarded in conformance with BS EN ISO/IEC 27001 have been issued to over 500,000 organizations in over 91 countries. Congratulations are due to all those involved over these 25 years, with a big thanks going to BSI and the UK government for their vision and support.

A more in-depth narrative of the history of this development is given in three articles published in the SC 27 Journal Vol.2 Issue 01 2022 - The Voyage of 27 Thousand and One - BS 7799-2 to ISO/IEC 27001 - Hall of Fame, World of ISMS.

Watch the video series

To help you better understand the history and future of the BS EN ISO/IEC 27000 series, BSI has interviewed 5 industry experts to go through the development and benefits of this global standard. Watch them now.

The Evolution of ISO/IEC 27001: 30 Years of Information Security

Explore How BSI Leads Cybersecurity Innovation in the UK

BSI's Global Leadership in Cybersecurity Standards

Top Benefits of ISO/IEC 27001 for Your Business

Navigating the Intersection of Cybersecurity and AI with BSI
