The specialized nature of information systems (IS) auditing, and the skills necessary to perform such audits, require standards that apply specifically to IS auditing. From this recognition came the development of the ISO 17799 / BS7799 standard, which was initially developed by the UK Department of Trade and Industry's (DTI) Commercial Computer Security Centre (CCSC). The ISO 17799 / 27001 standard is more commonly leveraged by European and Asian organizations than by US-based organizations. It is a very comprehensive framework that defines 127 security controls across ten categories, which branch into further detailed controls (the overall number is in the neighborhood of 5,000). For this reason, we generally recommend that non-European / Asian clients consider the COBIT framework, which is easier to implement in most organizations.