THE Managing Director of Digital Jewels Limited, a specialised information technology and project management firm, Mrs. Adedoyin Odunfa has said reaching ISO 27001 standing is a necessity for every business organisation that must perform effectively in today's business environment.Stating this at the Information Value Chain breakfast forum organised by Digital Jewels in Lagos recently, Odunfa said ISO 27001, titled 'Information Security Management Specification with Guidance for Use', is the replacement for the original document, BS7799-2. It is intended to provide the foundation for third party audit, and is 'harmonised' with other management standards, such as ISO 9001 and ISO 14001.She explained that the basic objective of the standard is to help establish and maintain an effective information management system, using a continual improvement approach. It implements OECD (Organisation for Economic Cooperation and Development) principles, governing security of information and network systems.According to her, having this worldwide accreditation implies the organisation is recognised as having undergone essentials IT checks which assures that all of the organisation clients documents are securely stored and processed within its IT programmes. She said this indicates that important corporate data is safeguarded from threats such as hacking, virus, theft or organic disasters.Explaining the critical success factors and pitfalls to avoid when planning to reach the ISO 27001 standard, the Digital Jewel boss said it is imperative for organisation's management to realise that it is about information assets, compliance to standards, understanding and managing risk, continuous improvement and building an enabling corporate culture.She further explained that the effective security of information assets requires strong management commitment, strategic processes, education and awareness, assessments and relevant technologies. She said organisations must create proper policies, procedures and regulations by which all employees must operate. Stressing this point, she said organisations should 'make the protection of corporate information assets 'the law'. Make adherence to policy and standards a condition of employment. Policy, standards, and procedures must become part of a corporations living structure, not just a policy development effort.'Recounting the organisational experience and strategies engaged to attain the standard, the Executive Director, Shared Services of Fidelity Bank Plc, Mr. IK Mbagwu said Fidelity Bank ensured that information is accessible to only those authorised to have the access. The bank also safeguarded the accuracy and completeness of information and processing methods and ensured the availability of information and associated assets when needed.
Click here to read full news..
