IT Governance Blog on IT governance, risk management, compliance and information security.

Recently my neck of the woods has been taking a bit of a beating from the weather gods. First it was the rain, which flooded part of the town I live in and all but destroyed a couple of towns nearby. This week it’s been snow, which has reduced the main roads in and out of my home town to a complete standstill at some times, and an outright deathtrap at others.

Happily having a member of staff, or even several members of staff, trapped by the weather has little or no impact on ITG’s continuing operation. Why? Because we operate an Information Security Management System to the ISO27001 standard. We are prepared.
(more…)

• Is your business going to succeed or fail in the new age of intellectual capital?
• Will your board of directors meet its fiduciary responsibilities in terms of information technology?

If Information Technology is a part of your business, governance now extends to and includes information and the IT infrastructure that supports your business. Shareholder expectations of boards, and of the individual directors on boards, are clear:

• The board of directors will actually direct the management of the company, including strategic and IT business plans and fundamental structural changes;
• The board will see to the hiring of competent and honest business and IT managers;
• The board will understand the business of the firm and develop and monitor a business and IT strategy;
• The board will monitor the managers as they carry out the strategy and the operations of the company;
• When making a business decision, the board will develop a thorough understanding of the transaction and act in good faith, on an informed basis, and with a rational business purpose;
• The board will operate with basic honesty, care, and loyalty; and
• The board will take good-faith steps to make sure the company complies with the law.

These IT governance expectations demand an appropriate IT governance framework. That can be difficult and time-consuming to do from scratch.
(more…)

The New Year is often a time of reflection for many people. This year will be no exception, in fact, being the end of a decade may prove to be an ideal time to take stock, look at where you’re headed and set yourself some real targets for the coming year and beyond.

There is much speculation about the state of the global economy but the one thing you can be sure of is the current level of unemployment. With 1.63 million people claimimg job seeker’s allowance in November 2009 and just 432,000 job vacancies, statistcs show there are just over four candidates for every vacancy!

If you are looking to make a career in IT, or you are already working in IT and are seeking promotion, you should seriously consider the ITIL certification scheme. Employers will expect candidates to be certified to ITILv3 Foundation level as a minimum requirement and having an Intermediate level qualification will give you an advantage over other candidates.
(more…)

We have established over the last few weeks that 2010 will see much tougher penalties for dpa non-compliance and a much more hostile regulatory environment.

As a counter-measure, and to help organisation meet the requirements of the DPA we have created the DPA Compliance Kit. This kit is comprehensive and walks you through all the steps necessary to achieve compliance cost effectively and in good time.

This PDA Compliance Kit contains all the tools for doing it yourself.

• DPA Compliance Assessment Tool;
• DPA Compliance Documentation Toolkit;
• Data Protection Compliance in the UK – Pocket Guide; &
• How to Survive a Data Breach – Pocket Guide.

(more…)

If you’re struggling to apply the principles of PRINCE2 in practice, and need guidance on adapting the process depending on context and scaling for smaller projects, this is the book for you!

PRINCE2: A Practical Handbook, Third Edition is a practical guide to applying the 2009 version of the methodology. This book is a readable, practical reference with real-life examples and case studies, links between related components and processes, and clear guidance on how to fine-tune the method to suit situation and size.
(more…)

In my inaugural post last week I talked about those companies out there who certificate their own work, in particular to ISO27001. I’m not going to go over the same argument again here, but I do feel it would be remiss of me not to address the more pressing, underlying cause that feeds such organisations in the first place: information security can be expensive to do properly.

In particular, ISO27001 can be an expensive standard to tackle for small businesses. That doesn’t mean that there’s any less of a demand for it, however: The “information age” has provided start-ups and SME’s with the tools required to punch well above their weight, often finding themselves in the supply chains for much larger bodies who demand a certain standard in doing business, including how you manage your information security.

What to do in that situation? Well, there are a number of options available:
(more…)

PB463WB6WEQT

It is quite usual for shareholders and customers to consider an organisation to be well managed and quite often this is true. There are however, some occasions when that expectation may not ring true; Take business continuity for example:

If a shareholder, customer or any other stakeholder where to ask senior managers within your organisation if you have adequate business resiliance plans in place; or how long it would take you to recover from any given scenario, how confident would your senior managers be in their response?

Would they be able to explain your business continuity plans in such a way that satisfies the stakeholder and more importantly, would the business continuity plan stand up in such an event?
(more…)

There hasn’t been a better time than now to purchase the No 3 ISO27001 Comprehensive ISMS Toolkit.

3 reasons to buy this toolkit during December:

1. Beat the VAT rise and save nearly £50!
2. Get a free 1 month Subscription to our KnowledgeBank!
3. Benefit from the recently added extra value resources!

(more…)