SecuQuest is geared to ISO 2700x norms. These norms are based on the british standard BS 7799, which was published in 1995 and included as international norm ISO 17799 after some modifications in the year 2000. In 2007 this standard became as ISO 27002 part of the 27000 family which is concentrating exclusively on the topic of security.

The ISO 17799 developed from a code of practice for network security and consists in a model for the introduction of an information-security-management-system. This norm includes a series of suggestions and best practices about different topics concerning information security. These methods were compiled by specialist with practical experience and are based on their know-how and used processes. That renders this norm very application and action orientated.

An important point of this norm is that it is not only concentrating on technical or IT-focused measures (virus scanner, firewall, encryption, etc.) but including all aspects of a company. The application area ranges from the protection of objects, the classification of documents, guidelines for employment of new employees up to the management of the security architecture itself.

Another characteristic of the norm ISO 17799 is its level of abstraction. The norm doesn’t deal with precise applications and solutions in greater detail but specifies the necessary properties and environment of the used system. There are no statements made about concrete products, which avoids big efforts when up-dating. This renders the resulting security architecture of the company more flexible in its implementation and maintenance.

In addition the norm creates a high degree of awareness within the employees of a company. Through the permanent confrontation with the subject security and the detailed documentations envisaged by the norm, the importance of the topic security is communicated to the employees. This implies the sustainable advantage that employees are able to react better in critical situations. Moreover employee’s deviance can be prevented subsequently.