ISO 27001 information security management system

IMSM will help you to implement a working ISMS (Information Security Management System), pass the audit, and become registered and secure.



Public Sector


USA
In the USA, the Department of Homeland Security is promoting a number of exhibitions on information security (see IS Exhibitions) to increase awareness of the need to protect information assets.


UK

In the UK the guidance for the whole public sector is to adopt ISO 27001 (previously BS 7799). ISO 27001 incorporates ISO 17799 as Appendix A. An extract from the government CSIA website (http://www.cabinetoffice.gov.uk/csia/ia_governance.aspx) reads as follows:


Key Principles
All Central Government departments are required by the Cabinet Secretary to manage the risks to their key information systems by:


ensuring that their critical information or management system processes are compliant with BS7799; and
undertaking audits to confirm the effectiveness of the information risk management process.

Information risk management secures information of UK national interest, assists with the development of electronic government and promotes confidence in those parts of government which form part of the CNI.


Whilst this principle has been expressed in terms of Central Government departments, the concept of alignment with an accepted standard and the ongoing monitoring of effectiveness are applicable across the wider public sector.


The Role of Standardization

The international standard for information security management, ISO/IEC 17799, is a key element of the governance framework. It ties the Information Security Management System of an organization to the internal business processes, and provides a statement of best practice for organizations managing information confidentiality, integrity and availability.


The standard is applicable not only to commercial systems but also across government, from Central Government departments to Local Authorities (LAs) and Non-Departmental Public Bodies (NDPBs).


The standard developed from British Standard 7799 (BS7799), and at the time of writing the relationship between the two is that:


ISO/IEC 17799 states best practice for an Information Security Management System (ISMS).
BS7799 Part Two (soon to be replaced by ISO/IEC 27001) is a standard for certifiable compliance.
BS7799 Part Three states best practice for risk analysis and risk management.

The standardization achieved through ISO/IEC 17799 supports the move to have policy that is accessible both to Central Government departments and also to the wider public sector.


Implementation of the ISO standard and the application of information risk management are vital for promoting public trust in government.

