Is your organisation’s information secure?
Information is the lifeblood of business: in the UK, 63 per cent
of businesses hold highly confidential information and 66 per cent
would suffer serious disruption if information within their systems
was corrupted.* In addition, the penalties for failing to
implement effective systems and controls to protect the confidentiality,
integrity and availability of information are increasing: the UK’s
largest building society was recently fined £1 million for exposing
customers to an increased risk of financial crime, following the theft
of a laptop containing confidential customer information.
The importance of keeping information secure has also been highlighted
by the recent case where hackers stole information from at least 45.7
million payment cards used by customers of US retailer TJX, which
owns TJ Maxx, and UK outlet TKMaxx. There are sure to be serious repercussions
for the retailer.
What benefits does certifying to ISO 27001 offer?
Organisations worldwide are now turning to ISO 27001, which offers
a structured approach for an information security management system
around a framework of international best practice. This enables businesses
to demonstrate effective systems and controls to certification bodies
and regulatory authorities, as well as to assure customers and suppliers
that their information is secure and protected.
ISO 27001 also significantly enhances your corporate governance efforts,
with 87 per cent of companies reporting that certification to ISO
27001 has improved their business continuity and 85 per cent reporting
that it has minimised damage to their business from security incidents.*
What challenges does certifying to ISO 27001 present?
A great deal of preparation is required to achieve compliance with
ISO 27001, including studying ISO 27001:2005, as it is against this
standard that compliance will be measured. Thereafter, defining and documenting your policies,
procedures and controls is a complex, costly and arduous process,
with a significant amount of time, effort and resource, either internal
or external, required to complete this task.
Certification itself is not the end game, with a massive amount of
work required to maintain and police your management system. Potentially
bureaucratic activities include Document Control, Internal Audit and
Corrective Action tracking. One proven way to remove much of this
effort is to implement an electronic information security management
framework which facilitates all of the hard work for you.
What’s the solution?
Q-Pulse for ISO 27001 integrates Gael’s market-leading compliance management
solution and IT Governance’s document and process management
toolkit and enables businesses to implement effective systems and
controls. The system is unique as it harnesses the experience of both
industry leaders to create an electronic management system developed
from information security principles that radically simplifies the
management of such systems.
Find out more on how you can obtain and retain certification to ISO
27001 with Q-Pulse.
*(Source: DTI Information Security Breaches Survey)