Understand ISO 27001 before you get caught out!

By Hytec Information Security

 

Over recent months, local authorities have been inundated with communications and edicts about information security standards. Summarising the position of the new ISO 27001 information security standard, this article describes some of the help available in achieving compliance.

 

BS7799 – Part of Implementing Electronic Government

The British Standard for Information Security BS7799 has been mandatory in central government for some time whilst all local authorities, as part of their Implementing Electronic Government programme, have been obliged to achieve compliance with the standard by April 2006.

 

Even without the external pressures from ODPM, BS7799 has been the (only) proven standard against which Information Management can be measured.

 

Whilst achieving compliance has not been a difficult process, it has often proved to be problematic without expert guidance of the type that Hytec has been able to provide.

 

ISO 27001 - New Standard for Information Security

 

Unfortunately the process has been further confused because, with effect from October 2005, BS7799 has now been replaced by the International standard ISO 27001:2005.

 

Although there are no significant differences, the new international version of the standard clarifies and strengthens the requirements of the original British standard, and includes changes to the following areas:

•  risk assessment
•  contractual obligations
•  scope
•  management decisions
•  measuring the effectiveness of selected controls.

 

Unique ISO 27001 Experience

Hytec is uniquely experienced to assist local authorities in all aspects of ISO 27001 (BS7799) compliance:

 

  • Hands-On Knowledge of ISO 27001 – As one of the UK's first organisations to be fully BS7799 certified, we have an ISO 27001 compliant Information Security Management System that has been audited and certified by BSI.
  • Experience of local authority requirements – We've now been supporting local authorities for twenty-five years. Our current customer base includes 23 of the 33 London Boroughs as well as major metropolitan, county and district councils.
  • Expertise in Information Security – We specialise in information security consultancy and managed security services, and nothing else.

 

Help with ISO 27001

Hytec's team of BSI Certified Lead Auditors and CESG Certified CLAS Consultants have developed a portfolio of services designed to guide authorities through the ISO 27001 compliance process, culminating in an Information Security Management System (ISMS). These services assess the current status of the authority's ISMS, carry out risk assessments, prepare ISO 27001 compliant documentation, deliver training and awareness programmes and provide ongoing support.

 

For a datasheet on Hytec's ISO 27001 services portfolio, please click here or call Hytec on 01865 887 428.

 

Source: Hytec Information Security www.hytec.co.uk


 



Hytec Information Security Limited, Eynsham, near Oxford, UK   |   tel. 01865 887428  info@hytec.co.uk