ISO 17799 / BS7799 provide organizations with a well-proven framework to initiate, implement, maintain and manage information securely. It embraces the development of security policies, training, risk awareness, computer and data integrity, personnel security, physical security, and contingency planning.

ISO/IEC 17799:2000 is a code of practice for information security management. It provides over 127 information security guidelines structured under 10 major headings to enable readers to identify the security controls which are appropriate to their particular business or specific area of responsibility. As well as giving detailed security controls for computers and networks, ISO/IEC 17799 also provides guidance on security policy, staff security awareness, business continuity planning, and legal requirements.

This service will consist of setting out an action plan to providing advice and direction on standard parts of the process such as:

• Security policy document development

• Identifying a sensible and workable scope

• Establishing information asset registers

• Simple and effective risk assessment

• Straightforward risk management

• Appropriate selection of controls

• Creation of robust security processes

• Staff awareness and training

• Business continuity management

• Compliance through internal audits

• Coordination with Certifying Agencies

Benefits

• Implementation of proven international best practices in security, across the organization

• Increased security means lower costs; fraud, inefficiency and errors would be reduced

• Increased customer confidence

• An internationally recognized certification - provides competitive advantage

• Independent certification of business security function

• Compliance advantages for participation in Government tenders

• Ensures compliance with legislation and regulations.

• Demonstrates effective corporate governance.