ISO 27001:2005
Information Security Management
ISO/IEC 17799:2000

hi-tech security enviroment

In the dynamic Global world of Commerce and Industry ISO 27001:2005 (Guidelines) recognises `Information` to be an asset, which like other important business assets, is valuable. All sizes and scopes of organisation have a need to protect their assets minimising commercial damage, ensuring business continuity, maximising business opportunities and returns.

ISO the International Organisation for Standardisation and IEC the International Electrotechnical Commission, in collaboration with governmental and other international organisations, agreed on an International Code of Practice for Information Security Management.

Organisations deploy information in written format or electronically stored mediums. Information is communicated by post or electronic transmission, can be viewed in video or film format and may be spoken in conversation. In each case the information must be secured to preserve confidentiality, integrity and availability for authorised users. Modern organisations are increasingly confronted with security threats (e.g.) computer assisted fraud, viruses, hackers, vandalism, fire & flood damage etc.

The Standard advises on establishing security requirements and assessing security risks. Security Management Systems therefore address an organisations Security policies, Security infrastructures and Information processing authorisations.

Communication between organisations, third party access, outsourcing and sub-contractors exposure to `sensitive materials` are all considered within the ISMS evaluation.

Information classification & process controls, personnel screening & security, confidentiality agreements and user training all become significant ISMS topics for consideration.

Physical & environmental security governing secure areas, equipment security and ICT best practices would all be addressed in documented operating procedures. Intellectual property rights, copyright and disaster recovery planning are similarly addressed.

The mechanisms for establshing, implementing and maintaining an ISMS facilitate integration within the structure of ISO 9001 Quality Management Systems explained within 2K's web site.

We are here to help you, for further information and advice please contact us for details.