Welcome to NBlog, the NoticeBored blog

I may meander but I'm 'exploring', not lost

Aug 16, 2007

Prehistoric ISO27k

I have been researching the origins of ISO27k, particularly the bit before it was launched as BS7799 in 1995, to complete the 'definitive history' on ISO27001security.com.

I dimly recall using an A5/booklet version of the Code of Practice for Information Security released by BSI DISC as PD003 in 1993, and an accompanying informational booklet PD005. I have also heard about but can't quite remember a "Users code of practice for security" released by the UK's National Computing Center (NCC) in the late 80s/early 90s, which I believe was largely derived from a Royal Dutch/Shell information security policy manual.

Does anyone reading this have copies of PD003, PD005, the NCC document or Shell's original policy manual, please, or other relevant information from that pre-1995 period? If so, please contact me (gary@isect.com). I'd really appreciate your help to set the record straight.