Please wait for a site operator to respond. You are number 1 in the queue. Your wait time will be approximately 0 minute(s) and 30 second(s).You are now chatting with 'Tim' Your Issue ID for this chat is LTK16502038781X Tim: Welcome to our Live Chat service. How can I help you? Are you or your company an ANSI Member? you: Hi there Tim. I'm looking to buy PDF versions of ISO27001 and ISO27002 but am a bit confused. you: there seems to be quite a few versions of both starting at $30 and rising to a few hundred on your ANSI websiteyou: so for example there is BS ISO/IEC 27001:2005/BS 7799-2:2005 for $144you: and INCITS/ISO/IEC 27001-2005 for $30 you: and Information Security Package 27001 for $50 you: so I'm somewhat confused. Tim: There are many adoptions of these standards by other standard developing organizations. The original standards have the following designations: ISO/IEC 27001:2005 for $129 and the ISO/IEC 27002:2005 for $206. Or, you could purchase the two original documents together in the "ISO/IEC 27001 and 27002 IT Security Techniques Package" at a discounted price of $295. you: um, so what is the $30 version? Tim: The $30 version is the INCITS adoption of the ISO/IEC 27001 and ISO/IEC 27002 standards. you: and will be completly different? you: or the words are the same and the header is different Tim: We can't say that there hasn't been changes made to the orginal document. You will need to contact INCITS for clarification. you: but how can it be ISO27001 if they have changed anything? Tim: That is an agreement between ISO and INCITS. ANSI does not review the adoptions for changes. If you're unsure of the adopted standards, we recommend purchasing the originals by ISO. you: but on the INCITS Website it says that the INCITS version is ANSI approved. Thats' you? Tim: It has been ANSI approved as an adoption of the ISO/IEC 27001 and ISO/IEC 27002. you: so that must mean that its an acceptable document you: i.e. ANSI considered it to be not different to the ISO version? you: I'm just trying to work out if I'm paying $99 more for the same thing. Tim: You will need to contact INCITS to determine if any changes have been made. ANSI does not review the body of the standard when it is adopted. you: that does not make any sense. you are saying that ANSI adopts a version of a document that might be completely different to the thing it purports to be? Tim: ANSI does not adopt standards. INCITS adopted the ISO/IEC original document. ANSI approved the adoption but did nto review if any changes were made to the document. ANSI is not the copright holder of the document. You will need to contact INCITS if you want to find out if changes were made to the document by INCITS. you: okay. It soundss really odd to me that from you I can buy about 5 different versions of 27001 and you don't know whats in any of them except the ISO version. you: I will indeed contact INCITS Tim: Thank you. I'm sure INCITS will be able to answer your questions regarding their adoption of the ISO/IEC 27001 and ISO/IEC 27002. you: thanks Tim. This has been my weirdest conversation for many weeks!