Business Continuity International
Business Continuity Planning ISO 17799
ISO17799
It is organised into ten major sections, each covering a different area:
Business Continuity Planning
The objectives of this section are: To counteract interruptions to business
activities and to critical business processes from the effects of major failures
or disasters.
System Access Control
The objectives of this section are: 1) To control access to information; 2) To
prevent unauthorized access to information systems; 3) To ensure the protection
of networked services; 4) To prevent unauthorized computer access; 5) To detect
unauthorized activities; 6) To ensure information security when using mobile
computing and tele-networking facilities.
System Development and Maintenance
The objectives of this section are: 1) To ensure security is built into
operational systems; 2) To prevent loss, modification or misuse of user data in
application systems; 3) To protect the confidentiality, authenticity and
integrity of information; 4) To ensure IT projects and support activities are
conducted in a secure manner; 5) To maintain the security of application system
software and data.
Physical and Environmental Security
The objectives of this section are: To prevent unauthorized access, damage and
interference to business premises and information; to prevent loss, damage or
compromise of assets and interruption to business activities; to prevent
compromise or theft of information and information processing facilities.
Compliance
The objectives of this section are: 1) To avoid breaches of any criminal or
civil law, statutory, regulatory or contractual obligations and of any security
requirements; 2) To ensure compliance of systems with organizational security
policies and standards; 3) To maximize the effectiveness of and to minimize
interference to/from the system audit process.
Personnel Security
The objectives of this section are: To reduce risks of human error, theft, fraud
or misuse of facilities; to ensure that users are aware of information security
threats and concerns, and are equipped to support the corporate security policy
in the course of their normal work; to minimize the damage from security
incidents and malfunctions and learn from such incidents.
Security Organisation
The objectives of this section are: 1) To manage information security within the
Company; 2) To maintain the security of organizational information processing
facilities and information assets accessed by third parties; 3) To maintain the
security of information when the responsibility for information processing has
been outsourced to another organization.
Computer & Network Management
The objectives of this section are: 1) To ensure the correct and secure
operation of information processing facilities; 2) To minimize the risk of
systems failures; 3) To protect the integrity of software and information; 4) To
maintain the integrity and availability of information processing and
communication; 5) To ensure the safeguarding of information in networks and the
protection of the supporting infrastructure; 6) To prevent damage to assets and
interruptions to business activities; 7) To prevent loss, modification or misuse
of information exchanged between organizations.
Asset Classification and Control
The objectives of this section are: To maintain appropriate protection of
corporate assets and to ensure that information assets receive an appropriate
level of protection.
Security Policy
The objectives of this section are: To provide management direction and support
for information security.