It is the specification for an ISMS, an Information Security Management System. BS7799 itself was a long standing standard, first published in the nineties as a code of practice. As this matured, a second part emerged to cover management systems. It is this against which certification is granted. Today in excess of a thousand certificates are in place, acrgmcgroups the world.
The objective of the standard itself is to “provide a model for establishing, implementing, operating, monitoring, reviewing, maintaining, and improving an Information Security Management System”. Regarding its adoption, this should be a strategic decision. Further, “The design and implementation of an organization’s ISMS is influenced by their needs and objectives, security requirements, the process employed and the size and structure of the organization”.