BS 7799-3:2017

BS 7799-3:2017 provides guidance to assist organizations to:

• a) fulfil the requirements of BS EN ISO/IEC 27001 concerning risks and opportunities; and
• b) define, apply, maintain and evaluate risk management processes in the informationsecurity context.

This British Standard is relevant to:

• 1) organizations who have or are intending to have an information security management system(ISMS) that conforms to BS EN ISO/IEC 27001; and
• 2) persons that perform or are involved in information security risk management (e.g. interestedparties, risk owners and ISMS professionals).

This document is applicable to all organizations, regardless of type, size or nature.Cross References:BS EN ISO/IEC 27001:2017BS ISO/IEC 27017:2015BS EN ISO 22301:2014 BS ISO/IEC 27007:2011BS ISO 31000:2009BS ISO/IEC 27005:2011BS EN ISO/IEC 27000:2017BS ISO/IEC 27004:2016BS ISO/IEC 27003:2017