ISO 27001 was originally publised at BS 7799, which was the outcome of a joint initiative by the DTI in the UK and leading UK private sector businesses. The working party, which started work in 1992, produced the first version of BS 7799 in February 1995. This was, originally, simply a Code of Practice for IT Security Management. Organizations that developed ISMSs that complied with this Code of Practice were able to have them independently inspected but there was initially no UKAS scheme in place and, therefore, formal certification was not possible. An alternative solution, known as ‘c:cure’, was adopted to provide a framework for implementation of the standard, and was available from April 1997. ...