ISO 27001 / ISO 17799 / BS 7799
These standards are the gold standard for Information Security Management
Systems. Properly implemented, ISO 27001 / ISO 17799 / BS 7799 allow your
organization to achieve a constantly improving level of information security.
While ISO 27001 / ISO 17799 / BS 7799 do not in themselves prevent intrusions
and data loss, they provide a management structure that ensures a reasonable
level of information security for your organization. ESTec has certified
ISO 27001 / ISO 17799 / BS 7799 auditors who can assist your organization
to prepare for and achieve registration as an ISO 27001 / ISO 17799 /
BS 7799 compliant organization, or, if registration is not important to
you, we can assist you to set up an ISO 27001 / ISO 17799 / BS 7799 compliant
management structure that would facilitate a future registration.
The standards are similar to the ISO 9000 series of quality management
standards. ISO 27001 / ISO 17799 / BS 7799 require management to make
a commitment to information security and then to regularly review how
the organization is achieving that commitment. This is done through risk
assessment and incident handling. A risk assessment allows management
to prioritize protection activities, and incident handling allows the organization
to evaluate how successful it has been in achieving the priorities.
The benefit of ISO 27001 / ISO 17799 / BS 7799 to the organization is
better control over information security and a more defensible company
if you are ever sued for a disclosure of personal or confidential information.
Over 30 countries either require ISO 27001 / ISO 17799 / BS 7799 certification
for some organizations, or are considering requiring ISO 27001 / ISO 17799
/ BS 7799 certification. If your organization handles personal information,
financial information about private individuals, processes data for other
companies, or is regulated in any way, you should seriously evaluate what
ISO 27001 / ISO 17799 / BS 7799 can offer you.
For more information on making your organization compliant with the standards
or achieving registration, please contact one of our certified auditors.
Another benefit of ISO 27001 / ISO 17799 / BS 7799 certification is that
it provides an externally verified way of showing SOX compliance in the
information security areas. An organization can expand the scope of ISO
27001 / ISO 17799 / BS 7799 beyond basic information security management
to include other areas of compliance. This can greatly
help an organization to demonstrate to regulators, investors and others
that compliance has been achieved and is being actively managed.
Implementing ISO 27001 / ISO 17799 / BS 7799 requires a significant commitment
of resources. Skills in ISO 27001 / ISO 17799 / BS 7799 are in very short
supply. Our ISO 27001 / ISO 17799 / BS 7799 certified personnel can provide
a technology transfer to your organization by guiding your IT department
through the implementation process. We can also offer certified ISO 27001
/ ISO 17799 / BS 7799 auditors to assist your internal audit department
in monitoring the implementation of ISO 27001 / ISO 17799 / BS 7799.