All businesses are information driven. Information is the power which drives any business. All companies use some form of information and some sort of information exchange with its clients, customers or business partners. This information may be physical or in electronic format. Most modern businesses use electronically stored information and employ massive computer and communications networks for exchanging information. Some of these companies even use public communication  network or even the Internet for reaching out to the public, customers, clients or business partners. Now all the information moving in and out of the company or while stored on the company??™s own server or remote hosts is always at a risk of being infringed upon, hacked, stolen or misuse which can lead to serious consequences to the owner of the information.For protection of such information companies adopt security polices which are religiously followed to safeguard the company??™s information assets. Now how is a company supposed to know whether the security policies implemented by it are adequate enough to provide sufficient shield from security threats. The answer is to go for the BS7799 compliance audit and certification by an accredited certifying agency.

The BSI provides the BS7799 standards for IS implementation. The accredited bodies evaluate the security policies of the company against these standards and check whether the policies meet the standard. Where the net result of such audit is a positive one the certifying agencies issue a BS7799 Compliance certificate to the company under Audit. These certifying bodies receive their accreditation under the EN45012 being the ISO guide no.62. The accreditation of the certifying bodies ensure that they are well qualified in evaluation of ISMS of an organization as against the standards issued by the BSI or the ISO and then issue compliance certificates to the organizations . The certification by these accredited agency is valid till a new standard arrives and after which a fresh audit has to be conducted after implementation of the necessary changes.