ISO 27001 Information Security Standard

With new technology and greater emphasis on storing personal and security-sensitive data, this new standard is fast becoming a must for some companies. In fact, some of the major "blue chip" companies insist on it being in place before a supplier can be approved for use. They need to know that suppliers have controls in place to protect their data from falling into the wrong hands. Some of the documentation required for this standard is the same as that needed for ISO 9001, with no duplication necessary, so there is a cost saving if both standards are introduced at the same time.

Do you look after, or are you responsible for, sensitive information? It may be personal data, technical information or generally secret information. Do you know how to protect it? Do you know what the risks are? There have been many instances recently of information going missing. The Information Security standard (ISO 27001:2005) lays down the guidance to make sure it doesn’t happen to you or your customers.

If your company puts sensitive information in the hands of suppliers you should make sure that they have the standard in place and have been audited to it before you let them receive such information, as your customer will probably make sure you have it in place before they give it to you. Just think, it may be your information that goes missing next time.