Information Security and ISO 27001

Specialists in Quality, Environmental and
Health & Safety Compliance Consultancy and Training

There is an increasing need for businesses to be able to demonstrate that the information they hold for their own business purposes is secure. More importantly, information that they manipulate in the course of work for their clients and customers must be sufficiently secure to avoid breach of contract or damage to goodwill.

ISO27001:2005 is an internationally recognised Standard and takes into account the differing needs of businesses. An organisation that processes third party information will need to ensure information is not accessed by the wrong people while in their hands or while being transferred electronically to others.

An organisation that handles data on behalf of others will wish to demonstrate that its recruitment and training programmes provide staff who understand the threats and act responsibly.

ISO27001:2005 provides the framework for this and the means of obtaining independent verification of systems by internationally recognised accredited assessors.

The first step is to decide which part of the Standard applies to the business. ISO27001:2005 requires a Statement of Applicability and this enables those in charge to exclude parts of the Standard if they are irrelevant. The effort of working through this focuses the mind on the principal risks.

Next, management must decide what assets are at risk and prioritise these. From this it is usual to train people to think about security risks for every new element of work or new project.

Like other Standards, there is a requirement in ISO27001:2005 to demonstrate management have looked at legislation and made sure the business is complying.

How we can help:

Penarth Management Limited has been involved in assisting clients to achieve satisfactory certification to ISO27001:2005, and its predecessor BS7799, for several years and has worked in the following sectors:
  • Military
  • Agriculture
  • Government departments
  • IT
  • Public Bodies
Examples of the need for secure information stretch far beyond complying with the Data Protection legislation and include intellectual property, copyright material, credit card data, and the legal admissibility of electronic records when extracted for adjudication in the Courts. In cattle breeding and crop development, records are particularly valuable assets.

Our staff include specialists with qualifications and past experience as assessors of ISO27001:2005 so we can provide guidance that is sufficient for satisfactory certification without creating a system that is too complex.

If you would like further information please contact us on 029 2070 3328 or e-mail judi@penarth.co.uk

Do you need a copy of the Standard?

To purchase a hard copy of the BSI Standard ISO/IEC 27001:2005 Information security management systems, simply complete our Order Form with your requirements. Alternatively, if you require the Standard right away, you can obtain a .pdf copy directly from BSI.

PENARTH MANAGEMENT LIMITED, Avon House, 19 Stanwell Road, Penarth, CF64 2EZ. Tel: 029 2070 3328, Fax: 029 2070 0013, Email: info@penarth.co.uk
Copyright 2010 Penarth Management Limited      Website management provided by IT Pie