A new standard, claimed to improve the security of information systems through an international framework, has been launched in the UK. Brian Tinham reports
Based on the British BS 7799 (part 2) standard, ISO 27001 is designed to improve suppliers’ and customers’ confidence in one another, knowing that their IT management systems are more secure.
“Setting standards is difficult when our society is so risk-averse, believing that it’s someone’s fault for everything that goes wrong,” said Alun Michael, Minister of State for Industry, late last year at the fourth international 7799 Goes Global Conference, a forum for information security.
“And yet we stick our heads in the sand and just hope that our computer system won’t be targeted or attacked,” he added. “The launch of a new international information security standard is a milestone in recognising the importance of good practice in the IT sector. Secure information should be at the heart of business thinking and not a technical issue.”
ISO 27001 should make it easier for companies to incorporate security into their management systems, and companies already ISO 9001 compliant on quality management should be able to adopt it.
The next DTI biennial Information Security Breaches Survey will be launched in April. The 2004 study found that businesses that adopted the 7799 standards said they had brought real business benefits.