The Department of Trade and Industry (DTI), which is part of the UK Government, publish a 'Code of Practice for Information Security Management'.
This document is amended and re-published by the British Standards Institute (BSI) in 1995 as BS7799.
Support and compliance tools begin to emerge, such as COBRA.
David Lilburn Watson becomes the first qualified certified BS7799 c:cure Auditor
The first major revision of BS7799 was published. Thsi included many major enhancements.
Accreditation and certification schemes are launched. LRQA and BSI are the first certification bodies.
In December, BS7799 is again re-published, this time as a fast tracked ISO standard. It becomes ISO 17799 (or more formally, ISO/IEC 17799).
The 'ISO 17799 Toolkit' is launched.
A second part to the standard is published: BS7799-2. This is an Information Security Management Specification, rather than a code of practice. It begins the process of alignment with other management standards such as ISO 9000.
A new version of ISO 17799 is published. This includes two new sections, and
closer alignment with BS7799-2 processes..
ISO 27001 is published, replacing BS7799-2, which is withdrawn. This is a
specification for an ISMS (information security management system), which aligns
with ISO 17799 and is compatible with ISO 9001 and ISO 14001.