ISO27001 Information Security
Data security, or the lack of it, is in the news almost daily, and the news is
pretty alarming. Report after report reveals the shortfalls in the care of our
data and the often casual way it is treated.
Every cloud has a silver lining, however: we have seen a huge increase in
enquiries for consultancy in setting up ISO27001 systems. It seems that industry
and commerce are taking data security very seriously, unlike the Revenue.
ISO27001 sets up a number of steps that protect data and other information
from unauthorised access and release. It also ensures compliance with the Data
Protection Act and ensures that companies are protected from litigation.
Surely it cannot be long before the Information Commissioner takes action, or
failing that litigation, against those who lose or act in a cavalier manner with
data under their care.
Every organisation employing ISO27001 can claim that they have used best
practice and have taken all reasonable steps to ensure that the elements of Data
Security have been employed. This is a valid defence in a Court of Law (if it
should go that far).
The main requirements are C. I. A. (confidentiality, integrity and availability):
- To ensure that data is not compromised or released
- To ensure that data is protected from unauthorised alteration
- To ensure that data is available when and where required
If we all carry this out then there is hope for us yet.
At the moment I, for one, am unwilling to trust my valuable data to any
organisation not complying fully with ISO27001.
About the Author
Chris Eden FIBC, MISSA, ACQI is a director of Quality Matters Limited, an
established independent management consultancy specializing in
Information Security Management accreditation.
Article Published/Sorted/Amended on Scopulus 2008-03-18 12:52:30 in Computer Articles