Information - Security Standards

The Information Security Standard
Originally there was BS7799 – which was based on an even earlier code of
practice for information security. This then evolved into two parts with one
part being the code of practice and the other the specification of security
measures against which the company could be audited. These have now been adopted
as international standards:
- ISO/IEC 27001:2005 - specification for an Information Security Management System
- ISO/IEC 17799:2005 - code of practice (good security things to do!)
Companies should at the very least consider adopting the code of practice
specified in 17799:2005 as this provides a good framework. Of course not all the
things specified in the code of practice will be relevant and that’s where
Supportspread can help.
While it is essential to have some security to protect a business, having too
much, too little, or even the wrong type can be expensive and ultimately
worthless. We work to ensure that our customers’ security is cost effective and
appropriate to them.
Supportspread ISO 17799 Services
ISO 17799 Gap Analysis
This service provides a snapshot of how the company is doing when compared
against the requirements of the International Standard Code of Practice for
security, ISO 17799. The code of practice provides a comprehensive security
framework. By assessing where companies are against the framework, it is
possible to identify areas of weakness. The ISO 17799 Gap Analysis service can
be adapted to review only portions or sub-sets of a customer’s organisation.
Security Team Assessments
One critical element, which is often overlooked, is the composition and
performance of the security team. Does it have the required skill sets? Does it
fully engage with other elements of the organisation? Does it follow industry
best practice guidelines?
The Supportspread Security Team Assessment analyses the customer’s security team
and reviews it against the requirements of the organisation.
Policies and Procedures
To be effective, a company’s security relies on its people. Providing them with
consistent guidelines requires policies and procedures that are in place
and effective. Supportspread can help devise and implement the policies
and procedures that are relevant to your company and to your current working
practices.
For more information on the range of Supportspread’s services, please click here.