Information Security is the critical business asset
All organisations run on knowledge; turn the information off & you are in big trouble. Every day we hear of new threats & disruptions to business, and it's not all about hackers, the latest virus and other online threats.
Management that fails to adequately address Information Security & Business Continuity issues could face civil & criminal penalties.
Information Security (IS) is vital for all businesses & organisations, whether they trade or communicate with suppliers & customers in traditional ways or electronically. Good Corporate Governance and best business practice demand a professional approach to the identification & protection of information systems.
Information Security (IS) extends beyond electronic data & IT to paper-based records, intellectual property, people, facilities and business continuity.
Smart business managers are implementing the internationally recognized Information Security Management Standard BS 7799-2:2002 / ISO 17799 to both protect their business and to gain a real competitive advantage:
- Meeting customer & supplier requirements - if you provide information processing services they may demand you adopt the identified best practice quality standards.
- Enabling closer business partnerships - if you share or exchange information with customers, suppliers or partners, by paper or EDI / XML, all parties will need to know that the information is protected from threats to its confidentiality, integrity and availability.
- Achieving commercial advantage - Invitation to Tender - BS 7799 is an excellent way to demonstrate that your internal processes for information processing are in line with international best practice.
- Avoiding commercial disadvantage - as BS 7799 certification becomes more widespread, potential business partners or customers may require you to achieve BS 7799 certification before they will do business with you.
BS 7799 / ISO 17799 was created to help organizations efficiently manage their information security to the highest quality standards and, where appropriate, integrate with ISO 9001:2000.
The improved management controls inherent in ISO 17799 help to ensure the confidentiality, integrity & availability of all information at all times.
Features & Benefits of BS 7799-2:2002 / ISO 17799 - Information Security Management System (ISMS):
The nature of this ISMS is all-embracing, and to achieve certification you would be required to address the key areas highlighted below:
- Security policy - a document to demonstrate management support and commitment to the ISMS process.
- Organizational security - an established management framework to initiate & control the implementation of Information Security within your organization.
- Asset identification, valuation & control - a comprehensive inventory of assets with responsibilities assigned to ensure that effective security protection is maintained.
- Personnel security - well defined job descriptions for all staff outlining information security roles & responsibilities.
- Physical & environmental security - a clear & concise definition of the security requirements for your premises & the people within them.
- Communications & operational management - best practice communications to facilitate the effective operation of the ISMS.
- Access control - network management to ensure that only those with the appropriate authorization have access to information in the networks & protection of the supporting infrastructure.
- Systems development & maintenance - ensuring that IT projects & support activities are conducted in a secure manner through data control & encryption where necessary.
- Business continuity management - a managed process for developing & maintaining business contingency plans which protect critical business processes from major disasters or failure.
- Compliance - a demonstration to customers, employees & the authorities of your commitment to meet statutory or regulatory information security requirements.
Next steps:
Wilson Lee & Partners are able to offer comprehensive assistance to help you achieve the standards for certification to BS 7799-2:2002 / ISO 17799, starting with an Information Security Gap review to assess where you are now & what you would need to do.
More > E-mail > BS7799@wilsonlee-cambridge.co.uk