
Levy Olvera • August 25, 2023

101 Series | Security and Risk Management | Security Frameworks - ISO/IEC 27000 Series

A brief story

The place: the United Kingdom; the what: BS7799; the who: the UK Government's Department of Trade and Industry, with publication by the British Standards Institution. And so the Information Security Management System, ISMS (aka the security program), was born.


This standard was developed to fulfill one goal: to give organisations guidance on how to handle risk to their sensitive information.


Back then, BS7799 (yes, you read that right: the BS stands for British Standard) was divided into two parts:


  • BS7799 Part 1 defines the objectives and the controls that can be used to meet those objectives
  • BS7799 Part 2 covers how the ISMS can be implemented and maintained


Then something uncanny happened: the updates to this document went through a long (and quite confusing) range of titles, with different version numbers.


So we have to thank the International Organization for Standardization and the International Electrotechnical Commission for stepping in and for the effort they made to expand BS7799 globally by launching the so-called ISO/IEC 27000 series.


The first of this series was published in October 2005 (ISO/IEC 27001:2005, now withdrawn; the current edition is ISO/IEC 27001:2022 at the time this article was published).
