Information security management

In 1995, BSI published BS 7799 Part 1 - Code of Practice for Information Security Management. It was revised in 1999. This document, previously published as BSI PD 0003, was originally developed by the Department of Trade and Industry, with the assistance of a group of leading UK organisations. This document (with minor editorial change) was published as BS ISO/IEC 17799:2000. This has now been superseded (with further improvements) by BS ISO/IEC 17799:2005.

The Code was originally based on a compilation of information security practices in general use within the U.K. Much international input has been received since the 2002 edition was published.

In 1997, Part 2 of BS 7799 was published. This document, based on Part 1, contains a specification for Information Security Management. This document specifies objectives and control requirements for Information Security Management Systems.

During the second quarter of 1998, the Minister for Trade and Industry announced a 'new scheme to beat computer security fears'. This scheme is based on BS 7799 Part 2, and enables organisations to obtain certification against its requirements.

BS 7799 Part 2:2002 will be superseded with the publication of BS ISO/IEC 27001, currently scheduled for late autumn 2005.

With the increasing acceptance by organisations that information is a vital asset, safeguarding it is now one of the keys to successful trading. With the advent of electronic trading (e-commerce), such safeguarding has now become a fundamental requirement for continued business activities.

Benefits of certification

At a generic level, BS ISO 17799 and the compliance scheme have been designed to enable the:

  • improvement in the reliability of information stored within computer systems;
  • reduction of the risk taken when working without paper;
  • safeguarding of the evidential value of information stored;
  • improvement of access to electronic records and archives;
  • improvement of system security;
  • reduction in system administration costs;
  • improved awareness of the value of the information asset;
  • improved consistency and quality of all information in the organisation.

Compliance with the Code of Practice, and where appropriate the certification scheme, will increase confidence in the organisation's electronic information asset and simplify the demonstration of meeting quality goals and specific regulatory requirements.

Services available from Group 5 Training

Management Briefing

Provides a common framework for bringing all relevant personnel up to speed, aiding corporate understanding and communications between disciplines. Such sessions often lead to the creation of an effective Project Plan for compliance.

Training Seminars

A formal training course designed to prepare you for achieving compliance can be presented on your premises, designed specifically to meet your needs. Such courses are cost effective for medium and large organisations, reducing staff costs and improving confidentiality.

These intensive seminars can be presented at a location of your choice. For more details, please contact us at a.shipman@group5.co.uk

System Design

If you are designing a system, include the requirements of the Code of Practice in the System Specification. Group 5 Training can provide valuable assistance in the production of these requirements, thus enabling a compliant system from Day 1 of implementation.

Diagnostic Review

A full and independent review is undertaken of your system, providing you with a written report advising on actions to be undertaken to achieve the benefits of compliance. This review includes a full information security audit of your computer systems.

Gap Analysis

Following the Diagnostic Review, an Action Plan will be designed by Group 5 Training, which will enable rapid progress to be made towards compliance.

Corrective Actions

Having worked on a number of systems, Group 5 Training are well experienced in the best methods of implementing the Code of Practice. Often our advice has led to improved efficiencies and reduced operating costs.

Produce Documentation

The Code of Practice requires documentation to be produced detailing Security, Procedural and Technological specifications. Group 5 Training are geared to produce this documentation, having previously assisted a number of large and small organisations.

Compliance Audit and Certification

Group 5 Training can assist you in demonstrating compliance, by independent audit and completion of the BSI Compliance Workbook (BIP 0009:2004).

Vendors

Can your products be used in a Compliant manner? Group 5 Training can audit your system, and detail any missing facilities that are required for compliance.

Data Sheet

If you would like a copy of our data sheet (.pdf), please see the downloads section.

© 2007 - Group 5 Training Limited