Why Suddenly Everyone is Jumping on the ISO27001 Train
The government sneezes, drops its USB key and business catches a cold!
2008 was not a good time for information security. The man on the Clapham Omnibus might have hoped that, as technology evolved exponentially, the ability to keep private things away from prying eyes, ears and fingers would grow at about the same rate. But no, we are left with an operational information process that, in many cases, is about as balanced as a ‘Beano’ haggis, which, to those sadly raised without the Beano, is very uneven.
The pressure for ISO 27001
It was not the USB that was dropped in the car park that was the first ring of the alarm for government. It was the older technology of the missing CDs at HMRC, about a year before, that spread the threat to everyone in the UK who had children under the age of 18. From that point the press, and through them the rest of us, became more interested in protecting personal data. This has been very good news for the makers of shredding machines and laptop encryption.
As the year progressed, more information on paper, e-mail, CD, hard disc and USB stick was lost, found or stolen, and it became clear that the insecurity train was running loose down the track and gathering speed. In many cases it was government, national or local, or the finance sector that was fuelling the pace with obvious process weaknesses.
As a result, government is beginning to require its contractors (and in turn their contractors) to come into line with the security requirements of ISO 27001. This standard is more flexible than BSI7799, its predecessor, and encourages an organization to examine its own security risks and balance those with its risk appetite and operational needs. It is based on the Plan, Do, Check, Act model, which tries to make information security a dynamic process, constantly adapting to changing business circumstances. For this reason a good quality solution cannot be taken off the rail and dropped into your business. It has to be made-to-measure.
A good ISO27001 solution should:
- Fit your existing business processes.
- Improve the security of your data handling.
- Empower staff to conduct their work in a more secure way.
- Have a strong internal input in the devising of policy and procedures to make them operationally effective.
- Give your management confidence that you have effective security.
Please drop me a line if you require any information or assistance with ISO27001. Wendy.Goucher@GraLtd.co.uk
"If I have seen further it is by standing on the shoulders of giants."
Sir Isaac Newton, 1676
Whilst there is a great deal of truth in success being 20% perspiration and 80% inspiration, at Greig Ross Associates we also believe that learning from other organisations which have been there before can streamline a project.