
"Quality Matters in your Business"

Monday, 20 May 2013

ISO27001 – Information Security Standard

Hardly a week goes by without a news article reporting that data has been stolen, lost or accidentally revealed. The Standard is due to change later this year, but businesses considering adopting it should not wait for the revised version; start the process now.

Information is the lifeblood of every organisation and exists in many forms. It can be printed or written on paper, stored electronically, transmitted by post or by electronic means, shown in films, or spoken in conversation. The loss or exposure of that information can do real damage, so do not delay.

The three main principles of any information security management system are:

Confidentiality – making sure that private data stays private, and is disclosed only to those authorised to see it;

Integrity – making sure that data is accurate and complete, and is not altered or destroyed without authorisation;

Availability – making sure that data, and the systems that hold it, are available to authorised users when required, and are protected against loss.


Where do I Start?

  1. Develop an information security policy and identify your organisation's key information assets. Purchase the standard, ISO/IEC 27001, and the code of practice, ISO/IEC 27002, to help you do this.
  2. Carry out a risk assessment and build your ISMS around the controls that assessment shows you need. Training key staff will help to ensure successful implementation.
  3. Once your management system is fully implemented, you can have it certified to ISO27001 by one of the accredited certification bodies.


What is ISO27001?

ISO27001 is an international standard setting out the requirements for an Information Security Management System (ISMS). Used together with ISO/IEC 27002, which gives guidance on the controls themselves, it helps you identify, manage and minimise the range of threats to your information. The control areas are:

  • Security policy - This provides management direction and support for information security
  • Organisation of information security - To help you manage information security within the organisation
  • Asset management - To help you identify your assets and protect them as required
  • Human resources security - To reduce the risks of human error, theft, fraud or misuse of facilities
  • Physical and environmental security - To prevent unauthorised access, damage and interference to business premises and information
  • Communications and operations management - To ensure the correct and secure operation of information processing facilities
  • Access control - To control access to information systems
  • Information systems acquisition, development and maintenance - To ensure that security is built into information systems
  • Information security incident management - To respond to security incidents and reported weaknesses
  • Business continuity management - To deal with interruptions to business activities and to protect critical business processes from the effects of major failures or disasters
  • Compliance - To avoid breaches of any criminal and civil law, statutory, regulatory or contractual obligations, and any security requirements.

There will be a transition period once the revised standard is issued, during which businesses can choose to be assessed against either the existing or the new version. Once the transition period ends (typically at least 12 months), all certified businesses will have to comply with the new standard.

Tuesday, 7 May 2013

What no Broadband?

I came into the office early as I had a lot of work to do, only to find that the broadband was not available. The internet light on the router was flashing amber, and no amount of rebooting and obvious checking was going to have any effect.

I was left with no option but to call the dreaded broadband helpdesk. Three hours later, having dismantled the telephone line box, changed cables, rebooted the router and the computer, and messed about with the router settings with no good result, my blood pressure was very raised, and having answered the same questions from four different people with escalating areas of knowledge, I was beginning to lose my sense of humour.

The calls (0844) were costing me money and, of course, were not achieving anything. The final straw came when the woman at the end of the line suggested that I would be charged £50 for an engineer to visit my home! Why in God's name would I need to have an engineer visit me at home when the problem lay with the broadband at the office?

I know they have a job to do, and it cannot be the easiest job in the world, but it would help if they could pass the job to a more experienced person when "rebooting the router" doesn't work, rather than reading through the whole script.

In desperation I asked to speak to a manager. I explained that I had been a customer since 1997 and I was not particularly pleased at being treated like an idiot; I did say that I would ask for a MAC code so that I could take my business elsewhere. Finally I was assured that an engineer would call at my office the next day without charge; I even had a choice of times. In the meantime I tried to work using a 3G modem on my laptop. This is fine for internet connections when I am out of the office, but painfully slow compared with broadband.

The engineer, a very cheery chap, arrived within the timescale agreed and saw that the green internet light on the router was now lit but there was still no broadband connection. He said that 99 times out of 100 it would be a faulty router. He would pop down to his van and get a new one. Within 15 minutes he had configured the new router and all was well again; my blood pressure returned to normal.

The engineer asked me to complete a customer satisfaction form and said that I should concentrate on his performance and not on the helpdesk's. I was happy to do this and scored him at the top of the range.

I have deliberately not named the broadband provider as I am reliably informed, by other companies on the business estate, that they are all pretty similar.

Quality Matters

P.O.Box 5479

T: 01621 857841
F: 01621 856016
M: 07702 193788

© 2015 Quality Matters Ltd. All rights reserved.