Benchmark your information security systems

Monday June 11, 2012 at 11:48am
Businesses across the UK are being called upon to consider how they handle information in a secure and legally acceptable way. When you read about Government departments ‘losing’ personal records (Fresh data loss embarrassment for Govt) and learn about a rogue employee at Virgin Atlantic leaking details of celebrity travel plans to the paparazzi (Virgin Atlantic investigates celebrity flights leak), it’s easy to see what can happen when information is not securely handled.

As data becomes more and more valuable (I’m guessing the photographers and media men interested in celebrity movements were willing to pay for that information), and as data is increasingly handled by information technology that allows numerous personnel access to often very sensitive personal data, it’s crucial to have the right systems and procedures in place.

Staff need to be properly trained and briefed – so that they understand what data you hold and the rules around the use of that data.

Buildings need to be properly secured, to prevent access by unauthorised personnel. This might sound like a no-brainer, and you might say, “But we have individual swipe cards to access our building.” But have you never seen anyone hold the door for a colleague (or apparent colleague) carrying a heavy briefcase or box? Such simple breaches in security can have far-reaching consequences.

Systems and processes need to be in place to provide prevention and cure measures suited to your particular organisation.

A risk-based approach will ensure you don’t waste time and effort on situations which are unlikely to occur and would have little impact, but do allocate resource to those probable and possible circumstances that might happen at any time.

It is possible to benchmark your business against the International Standard for Information Security Management – ISO 27001 – and it’s something our clients find invaluable.

Don’t take chances – if your business collects, stores or uses data, make sure you have proper systems in place to ensure its security. If you are in the business of data management (a data warehouse, telemarketing business, credit agency or any number of others) you should probably look closely at ISO 27001 compliance, as sooner or later customers are likely to ask whether you are – compliant, that is.

Marcus Allen
ISO 27001 Consultant


Parker Management Consultants, 1st floor, Dominion Court, 43, Station Road, Solihull, B91 3RT