IT Governance Blog on IT governance, risk management, compliance and information security.

The data protection regulatory environment is about to become far more hostile and intimidating as the Information Commissioner’s Office will gain extra powers in 2010.

The planned new penalties are of unprecedented severity. From April 2010, the ICO expects to impose 25 monetary penalty notices every year for breaches of the DPA. Those fines could be as much as £500,000 each for serious contraventions. Any company, or organisation, failing to take reasonable measures to comply will be in the firing line. There could even be prison sentences for deliberate, or negligent, customer data leaks by individuals within an organisation.

Well managed organisations will see this as an opportunity to put in place an effective information security management system (ISMS), and become certified to the internationally recognised standard for information security management, ISO 27001.

What’s the most effective route to certification?

1. Undoubtedly the most painless way to prepare for ISO27001 certification is to bring in a consultant.Our ISO/IEC 27001 consultancy service uses methodologies and tools that have been developed and honed over 10 years, ever since two of our directors led the world’s first successful certification to BS7799, the forerunner of ISO27001.
   

   Organisations who employ 19 or fewer staff find our FastTrack Consultancy Service to be very cost effective. Organisations with more than 19 staff will benefit from our bespoke consultancy service. Here are nine good reasons >>

2. Send key members of staff to attend one of our industry leading Training Courses.The next ISO27001 Foundation Training Course will be held in London on 12 January and in Manchester on 2nd February.
   

   This course is ideal for anyone involved with implementing ISO27001 in an organisation and enables delegates to get to grips with the key concepts and benefits of ISO 27001, including its detailed relationship with ISO 17799/ISO 27002.For more comprehensive coverage of the ISO27001 standard and for detailed guidance on how to implement and effective ISMS in your organisation, our 3-day ISO27001 implementation Masterclass will teach you everything you need to for successful certification.

3. Use one of our ISO27001 documentation toolkits. Documentation toolkits give you the whole range of pre-written, fully customizable templates that you’ll need for successful ISO27001 certification.
   

   The No 3 ISO27001 Comprehensive ISMS Toolkit includes a risk assessment tool, the most comprehensive book ever written on ISO27001, live online consultancy and many more essential resources that will guide to to successful ISO27001 certification!