Every cloud has a silver lining however; we have seen a huge increase in enquiries for consultancy in setting up ISO27001 systems. It seems that industry and commerce are taking data security very seriously, unlike the Revenue.
ISO27001 sets up a number of steps that protect data and other information from unauthorised access and release. It also ensures compliance with the Data Protection Act and ensures that companies are protected from litigation concerning data.
Surely it cannot be long before the Information Commissioner takes action or failing that litigation against those who loose or act in a cavalier manner with data under their care.
Every organisation employing ISO27001 can claim that they have used best practice and have taken all reasonable steps to ensure that the elements of Data Security have been employed. This is a valid defence in a Court of Law (if it should go that far).
C. I. A. are the main requirements:
- To ensure that data is not compromised or released
- To ensure that data is protected from unauthorised alteration
- To ensure that data is available when and where required
If we all carry this out then there is hope for us yet.
At the moment, I for one, am unwilling to trust my valuable data to any organisation not complying fully with ISO27001.