Yellow font on Black background Black font on White background Black font on Cream background
Call us today 01621 857841 or Email us
Quality Matters Logo

"Quality Matters in your Business"

Monday, 31 January 2011

ISO27001 and Password Controls

I visit quite a number of businesses each year and those seeking certification to ISO27001, the information security management standard, are rising in numbers.

The first step in any 27001 assignment involves a gap audit to see how near (or far) the company is from  meeting this standard.  Usually it transpires that some significant work is required to meet this exacting standard.

To put the standard into perspective;  If ISO9001 , the quality management standard, equated to a molehill then 27001 would equate to Everest. I hope I haven’t put you off!!

One of the sections within 27001 deals with access control and the part I want to cover is the control and use of passwords.  Here are some rules for passwords:
  • Passwords should be complex, i.e should be six characters or more, must contain at least one number , one uppercase letter and if possible a non alpha or numeric character.   I often put £ in my passwords because only UK keyboards have this.
  • The password should not be in a dictionary either forwards or backwards.
  • Never use Pa33w0rd (Password) or lEt m3 1n (letmein) or a pet or partners name.
  • Never disclose your password to anyone
  • Change your password regularly
  • Never write it down unless it is heavily disguised.

I see breaches of these rules on a regular basis including:
  • Post it notes with the password stuck to monitors or under keyboards.  
  • Passwords with three characters, 
  • Passwords that are really obvious like January-week 1, which increments to January-week two and so on.

Most systems can be hacked in a relatively short time so I recommend that a computer should lock if more than a set number of incorrect passwords is entered. Make it harder and time consuming for the hacker.

Let us make 2011 a more secure year for our computer systems.  Remember the data on your system is valuable and can cause a great deal of distress, if not financial loss if it is stolen by others.

Monday, 17 January 2011

A Happy New Year

May we at Quality Matters wish all our Clients and Blog readers a very Happy New Year.
The new year promises to be more challenging, if the pundits are to believed, with the potential for interest rate rises, higher taxes  and difficult trading.  However there are a number of things that the astute business leader can do:

Increase efficiency  - ISO9001 Quality Management is a good way to achieve this
Improve environmental impact – ISO14001 is the way to achieve this
Protect information -  ISO27001 is designed to protect organisations from information loss
Manage Health & Safety – OHSAS 18001 – an excellent way to ensure your H & S is efficient
Aerospace provider?   - AS9100is the way to go
Food safety ISO22001 - is a good standard
IT Service Management- ISO20001 -  is the standard you need.

If any of these is of interest to you then we can help, after all we have been doing it for nearly twenty years;  Give us a call  01621 868767 or email and we can provide you with a no obligation quotation or a visit to your premises to show what we can do for you.

Quality Matters

P.O.Box 5479

T: 01621 857841
F: 01621 856016
M: 07702 193788

© 2015 Quality Matters Ltd. All rights reserved. Responsive Design