ISO 17799 is without doubt the most well known information security related standard. The reasons for this are largely that it was the first ISO standard published in this area, and that, being a code of practice, the contents ate more closely aligned with everyday security issues than most other standard publications.

It should be noted immediately that certification is not offered against this particular standard. As a 'code of practice', it comprises a substantial number of suggested security controls, which may be selected from as appropriate (partly as determined by the methods outlined in ISO 27001 and similar documents). However, its level of operation does make it suitable for 'compliance' checking, which is widely offered.

The ISO 17799 standard began life as a document published by the UK Government's DTI. This quickly became BS7799, and BSI standard, and from there, was finally published as ISO 17799 in 2000.

In 20005 it was updated and published again, to reflect changes in technology and approaches to governance issues.