ISO 27001 Should we go for it?

Yesterday I attended a meeting hosted at another law firm on behalf of ILTA (International Legal Technology Association) aimed at legal firms on ISO 27001; it is something that I haven't really looked at until now. I am sure that many of you have heard it being thrown about, alongside BS7799. ISO 27001 is the replacement for the original document, BS7799-2. It is basically an Information Security Management Standard (from what I can gather).

Up until yesterday I thought that it was based around IT security, but I was wrong: it is about Information Security.

Now, most people will link information and data security to IT systems, as they are there to house all your business's information and data, but information will be on any document that someone might leave lying around. I don't know about you, but in my company's line of business (legal) there is a heck of a lot of paper lying around the offices: boxes full of documents, printouts of emails, letters and much more. What use is it for us in the IT dept to strive to make sure that all the electronic data is secured when staff leave all these documents lying around free for anyone to see? Another thing I did not know about ISO 27001 was that things like a simple ID system can contribute to the accreditation of this standard.

From what I have learned so far this will be a long process and is something that we cannot just get overnight; we will need to adhere to a robust audit and certification scheme and look at ways we can continually improve on our current level of Information Security, which at the moment will not be hard, as there is a lot that we could improve on internally.

The only reason I can see it being a benefit for us is if we will win large tenders because of having it, i.e. acting for large financial institutions and global corporations.

At the end of the day some of the requirements should be adhered to regardless of ISO 27001, I think, like a tidy desk and not leaving any information lying around for anyone to see. It all comes down to data protection, I guess, and how you value your clients'/customers' data.
