 Business Continuity International 


Business Continuity Planning ISO 17799

ISO 17799 is organised into ten major sections, each covering a different area:

Business Continuity Planning
The objectives of this section are: To counteract interruptions to business activities and to critical business processes from the effects of major failures or disasters.

System Access Control
The objectives of this section are: 1) To control access to information; 2) To prevent unauthorized access to information systems; 3) To ensure the protection of networked services; 4) To prevent unauthorized computer access; 5) To detect unauthorized activities; 6) To ensure information security when using mobile computing and tele-networking facilities.

System Development and Maintenance
The objectives of this section are: 1) To ensure security is built into operational systems; 2) To prevent loss, modification or misuse of user data in application systems; 3) To protect the confidentiality, authenticity and integrity of information; 4) To ensure IT projects and support activities are conducted in a secure manner; 5) To maintain the security of application system software and data.

Physical and Environmental Security
The objectives of this section are: To prevent unauthorized access, damage and interference to business premises and information; to prevent loss, damage or compromise of assets and interruption to business activities; to prevent compromise or theft of information and information processing facilities.

Compliance
The objectives of this section are: 1) To avoid breaches of any criminal or civil law, statutory, regulatory or contractual obligations and of any security requirements; 2) To ensure compliance of systems with organizational security policies and standards; 3) To maximize the effectiveness of and to minimize interference to/from the system audit process.

Personnel Security
The objectives of this section are: To reduce risks of human error, theft, fraud or misuse of facilities; to ensure that users are aware of information security threats and concerns, and are equipped to support the corporate security policy in the course of their normal work; to minimize the damage from security incidents and malfunctions and learn from such incidents.

Security Organisation
The objectives of this section are: 1) To manage information security within the Company; 2) To maintain the security of organizational information processing facilities and information assets accessed by third parties; 3) To maintain the security of information when the responsibility for information processing has been outsourced to another organization.

Computer & Network Management
The objectives of this section are: 1) To ensure the correct and secure operation of information processing facilities; 2) To minimize the risk of systems failures; 3) To protect the integrity of software and information; 4) To maintain the integrity and availability of information processing and communication; 5) To ensure the safeguarding of information in networks and the protection of the supporting infrastructure; 6) To prevent damage to assets and interruptions to business activities; 7) To prevent loss, modification or misuse of information exchanged between organizations.

Asset Classification and Control
The objectives of this section are: To maintain appropriate protection of corporate assets and to ensure that information assets receive an appropriate level of protection.

Security Policy
The objectives of this section are: To provide management direction and support for information security.

 
