Information security certification
19th December 2002 (Computimes)
By ROZANA SANI

INCREASED threats to organisations and their information systems from computer-assisted sources require local companies to treat information as a valuable business asset that needs to be suitably protected.

This is especially crucial for companies that run information and communications technology (ICT)-related or ICT-supported businesses and that aspire to make inroads into both local and international markets.

Jacqueline Francis, business development director of AJA EQS Certification (M) Sdn Bhd (AJA), a certification services provider, said these companies should consider getting certified to BS 7799, a British standard that provides a framework for the implementation and maintenance of an information security management system (ISMS).

"Applicable to all sizes of organisations in all business sectors, the certification allows companies to demonstrate to their customers, suppliers and governmental organisations that they are dedicated to information security," she told Computimes in Kuala Lumpur recently.

"The adoption of an ISMS is a way to preserve information integrity, by safeguarding the accuracy and completeness of information and processing methods," she said, adding that it also facilitates information confidentiality, by ensuring that information is accessible only to those authorised to have access, and availability, by ensuring that authorised users have access to information and associated assets when required.

According to Francis, the types of companies that will benefit from the information security reassurance are banks and associated companies, insurance companies, Internet service providers, government agencies and associated organisations, as well as organisations holding personal and financial and/or classified information.

"For these companies, there are risks in not adopting an ISMS. If their competitors become certified, they will make certification a market differentiator. If a company's information is compromised, then it is liable to attract media attention, loss of clients and/or business."

Francis said AJA guarantees a lead time from application to certification of five weeks or a mutually agreed date, with document review generally completed off-site to minimise disruption to customers' business.

"AJA does not require any specific format for the client's documentation other than that it must satisfy the requirements of the appropriate standard. Its structure and wording should be appropriate to the customer culture and easily understood by those who will comply with the requirements," she said.