Organisational security

Organisations need to develop and implement strategies and plans to improve their security to meet internationally recognised standards covering the following areas:

• Business continuity plans need to be developed from a Business Risk Assessment that identifies critical business functions, their vulnerabilities, potential impact of their loss and possible countermeasures. Recovery plans must be tailored for the organisation depending on business, location and IT infrastructure factors.
• ISO 17799 complicance and (formerly BS7799-1) and ISO 27001 certification (formerly BS7799-2) Organisations must show due diligence against national standards and legal requirements. The recommended solution is compliance with ISO17799 and, depending on business pressures, certification to ISO 27701.
• Security policies High-level management policies and detailed specific system security policies need to be developed that conform to good practice but are tailored to meet the specific risks to the business.
• Security training and awareness All staff must be aware of the organisation's security policies and practices. Training programmes should be run based on the specific needs as identified by the risk and gap analyses and tailored to each part of the organisation.

Logica enables companies to quantify the risks to their information and put cost-effective measures in place to manage those risks. Organisations need to be able to compare and assess the information security practices of their trading partners, from whom they may also be at risk. For UK government organisations, there are two additional reasons:

• The Cabinet Office has directed that all government bodies must achieve compliance for all major systems with ISO17799 
• To connect to the government GSI network, it is necessary to demonstrate that an appropriate level of information security exists within your organisation.

If you would like more information, please call us on: +44 20 7446 4655.