Information in any form is an asset that should be protected and preserved,
especially if you are responsible for securing your customer's information.
Failure to achieve this can mean a loss of business and reputation, and can
result in costly litigation (recent claims in the USA have resulted in 9-figure
settlements).
ISO 17799 provides safeguards and controls to ensure that the integrity,
confidentiality and availability of information are preserved. It provides the
foundation for an Information Security Management System (ISMS) and applies to
all sizes of organization in all business sectors.
ISMS certification allows you to demonstrate to your customers, suppliers and
governmental organizations that you are dedicated to information security.
ISO 17799 is the most widely recognized security standard in the world. The
standard effectively comes in two parts:
ISO/IEC 17799:2000 (Part 1) is the standard code of practice and can be regarded
as a comprehensive catalogue of good security things to do.
The general approach to this kind of certification will be immediately familiar
to those already certified under ISO 9001/14001. The important distinctions are
that a risk analysis must have been carried out, that there is justification for
the controls that have been selected, that there is a process for continual
improvement, and that the management controls operate correctly and are adequate
for their purpose. If an organization has already had its information security
management processes evaluated under ISO 9001/14001, the addition of the
requirements for ISO 17799 should not be very large or onerous.
Many countries have adopted the standard for their use domestically, including
the Netherlands, Australia/New Zealand, Czech Republic, Denmark, Korea and
Sweden. In addition, ISO 17799 was translated into many different languages and
can now be obtained in French, German and Japanese.
For more information, please call us and speak to our customer services personnel.