New information security standards
Friday, 21 October 2005 10:13

ÍST ISO/IEC 17799:2000 is a code of practice for information security management. In June 2005 ISO and IEC published an upgraded edition of the standard named ISO/IEC 17799:2005.

The standard is now being translated by Icelandic Standards and will be published towards the end of 2005.

Among the changes are new chapters on risk assessment and treatment and on information security incident management, which indicate more emphasis on these areas. New controls have been introduced, and a few controls from the previous standard have been merged or deleted. The new standard has 134 controls, whilst the older edition had 127.

ÍST BS 7799-2:2002 is a specification for information security management systems. An upgraded edition, numbered ISO/IEC 27001:2005, is to be released by ISO and IEC in November 2005. This standard will also be translated and published by Icelandic Standards.

The cornerstone of the new standard is the same as in the previous versions: the protection of information.

Requirements in the areas of risk assessment, contractual obligations, scope and boundary of the ISMS, management decisions and measuring the effectiveness of selected controls are strengthened and clarified. Organisations certified to BS 7799-2:2002 need to update their information security management systems to take into account the changes to the 2005 version of the standard. Time will be given to adapt to the changes.

© Stiki - Information Security - Laugavegur 176 - IS-105 Reykjavik - Phone: +354 5700 600