Posts Tagged ‘Implementation Toolkit’

Use BS25999 as a tool to prosper

August 31st, 2010 by James Warren

During times of austerity it’s more challenging than ever for an organisation to meet its compliance obligations, let alone follow a best-practice standard. With a difficult and uncertain economic environment, there can be a tendency to consider compliance issues, such as Business Continuity, as an unnecessary expense and, understandably, focus resources on revenue building projects instead.

Taking such a ‘short sighted’ approach can be dangerous!

While it makes good business sense to focus on revenue building activities, organisations that simply ignore their responsibilities, where business continuity is concerned, will be playing devil’s advocate.


Use ISO27001 to overcome austerity

August 31st, 2010 by James Warren

During times of austerity it’s more challenging than ever for an organisation to meet its compliance obligations. With a difficult and uncertain economic environment, there can be a tendency to consider compliance issues, such as Information Security, as an unnecessary expense and, understandably, focus resources on revenue building projects instead.

Taking such a ‘short sighted’ approach can be dangerous!

While it makes good business sense to focus on revenue building activities, organisations that simply ignore their responsibilities, where information security is concerned, will be playing devil’s advocate.


ISO27001 Offers Soon to Expire

August 24th, 2010 by James Warren

Time is running out to make the most of our August offers. We have a very limited number of spaces left on our September ISO27001 Training Courses, which have money off and ‘added value’ tools & resources available until the end of August.

For those of you who can’t attend a training course, we have a fantastic offer available on the unique No 3 ISO27001 ISMS Toolkit.

Extra Value No 3 ISO27001 Comprehensive ISMS Toolkit Offer


ISO27001 Comprehensive ISMS Toolkit

If you purchase this toolkit before the end of August (2010), we’ll send you a further 7 unique resources to help kick-start your information security programme – absolutely free!

Implementing ISO/IEC 27001 and creating an effective Information Security Management System for the first time can be challenging! This toolkit has everything you will need. When you use our highly practical and informative books and tools to help you tackle the project, you receive unique guidance and support for your organisation – plus, with this package, you save money!

The No 3 ISO27001 Comprehensive ISMS Toolkit contains everything:


IT Governance for USA Based Organizations

July 27th, 2010 by James Warren

If Information Technology is a part of your business, governance now extends to and includes information and the IT infrastructure that supports your business. Shareholder expectations of boards, and of the individual directors on boards, are clear:

  1. The board of directors will actually direct the management of the company, including strategic and IT business plans and fundamental structural changes
  2. The board will see to the hiring of competent and honest business and IT managers
  3. The board will understand the business of the firm and develop and monitor a business and IT strategy
  4. The board will monitor the managers as they carry out the strategy and the operations of the company
  5. When making a business decision, the board will develop a thorough understanding of the transaction and act in good faith, on an informed basis, and with a rational business purpose
  6. The board will operate with basic honesty, care, and loyalty
  7. The board will take good-faith steps to make sure the company complies with the law.

These IT governance expectations demand an appropriate IT governance framework. That can be difficult and time consuming to do from scratch.


Limited Time – Value Added ISO27001 Toolkit offer

July 26th, 2010 by James Warren

This week only, we’re giving away a complete set of Information Security Awareness tools with our best selling No 3 ISO27001 ISMS toolkit.

No 3 Toolkit Offer - Additional FREE Resources Include:

  1. Information Security Awareness Posters (Download)
  2. Information Security Risk Management for ISO27001/ISO27002 (Download)
  3. Complete set of five ISO27001 Pocket Guides (Download)


Accelerate your ISO27001 project with the help of this toolkit – Buy before the end of August 2010 to get your 7 additional resources FREE!

Find out more about the No 3 Toolkit – buy it today >>


Want help understanding how ISO27001 will help your organisation? Read our blog post: How will ISO27001 help my organisation during economic austerity?

IT Governance and ISO38500 will help organisations during times of austerity

July 20th, 2010 by James Warren

As the UK enters its new age of austerity, with public sector organisations facing draconian budget cuts, organisations must ensure that their IT function acts as an enabler of business and is fully aligned with business objectives.

ISO/IEC 38500:2008 provides guiding principles for directors of organisations on the effective, efficient and acceptable use of information technology (IT). These principles are designed to be used within their organisations.

Key benefits of ISO38500:

  • The first international standard for IT governance
  • It provides an efficient, well-thought-through and effective framework for IT governance, leading to better alignment of IT with organisational decisions
  • Written in a generic manner, meaning that the advice and guidance in this standard is applicable no matter the size or type of organisation or whether it is in the corporate, public or not-for-profit sector
  • Advice and guidance that is provided is not only applicable to directors, but also to their associated members of staff
  • It provides essential guidance on the appropriate governance of IT to all key members of staff.


Exclusive DPA Compliance Package For Do-It-Yourself Conformance

July 15th, 2010 by James Warren

So you know that you have to comply with the Data Protection Act, and you know that if you are found to be in breach of the DPA the ICO can now levy tough penalties, far tougher than any seen before.

The first thing you need to do is identify your current level of conformance. The DPA Compliance Assessment Tool will help you do this: it provides recommendations and offers guidance to help you close any gaps that are identified.

Once you have identified exactly what you need to do in order to become fully compliant with the DPA, you will find the DPA Compliance Documentation Toolkit invaluable. It includes all the documentation templates, which are fully customisable, that are essential for any UK data controller (and UK organisation that is responsible for personal information) seeking compliance with the UK Data Protection Act 1998.

How will ISO27001 help my organisation during economic austerity?

July 14th, 2010 by James Warren

As the UK government grapples with the huge deficit in the aftermath of the global recession, the measures which have been announced, such as public sector spending cuts, have already had an effect on the wider economy. Headlines in today’s news show that UK inflation has slowed again in June.

For most organisations the economic outlook may seem grim and, in an attempt to control costs, they will be scrapping all non-essential projects.

How does your organisation determine which projects are non-essential?

The common sense approach is to look at the bottom line first:

  • Which projects will deliver the greatest return on investment?
  • Which projects will enable us to win new business?
  • Which projects will deliver long-term business goals, yet fail to deliver short-term returns?

Secondly, compliance issues need to be taken into consideration:

  • Which compliance projects will ensure we are trading legally?
  • Which compliance projects will help us to comply with our contractual obligations?
  • Which compliance projects will protect us in the event of a breach or other potentially damaging risks?

When you apply these questions to an information security and ISO27001 project, you will begin to see the real benefits of achieving certification, and will soon conclude that this is one project that is well worth pursuing.

How will ISO27001 help my organisation during economic austerity?

Implementing ISO27001 will enable an organisation to find efficiency savings which could have an immediate impact on its bottom line. Many organisations that already have ISO27001 certification have found themselves at an advantage over their competitors. This is particularly apparent during the tendering process as public sector organisations, and increasingly private sector organisations, are demanding ISO27001 certification as a pre-requisite.

So, as you can see, the commercial benefits to ISO 27001 certification are strong and when you back this up with the more obvious ‘compliance’ issues, there is a very strong case for bringing the project forward and making it happen as soon as possible.

Accelerate your ISO27001 project and develop an ISO27001-Compliant Information Security Management System (ISMS).

The No 3 ISO27001 Comprehensive ISMS Toolkit has everything you will need. When you use our highly practical and informative books and tools to help you tackle the project, you receive unique guidance and support for your organisation – plus, with this package, you save money!

Risk assessment is critical to effective deployment of an ISO/IEC 27001 Information Security Management System, and this toolkit enables you to demonstrate that you have a repeatable risk assessment process and appropriate documentation.

The No 3 ISO27001 Comprehensive ISMS Toolkit has 6 components which, when combined, give you the most powerful mix of resources available today!

Expanded range of governance risk and compliance toolkits

July 13th, 2010 by James Warren

Our range of governance, risk and compliance toolkits has grown rapidly over the last few months, so I want to take this opportunity to share this new range with you:

Extra Value ISO27001 Toolkit – 7 free resources!

June 21st, 2010 by James Warren

Buy the No 3 ISO27001 Comprehensive ISMS Toolkit before the end of June (2010), and get SEVEN additional resources free!

Implementing an information security management system in line with ISO27001 can be challenging for any organisation. The Extra Value No 3 ISO27001 Comprehensive ISMS Toolkit Offer has everything you need for successful implementation and will help you to accelerate your project, saving you time and money.


  • FREE - Information Security Awareness Posters (Download): These posters are designed to be used as part of a general information security education and awareness initiative. Each set of six includes one poster on each of the following: social engineering, password practices, security incidents, sensitive information, beware, and portable equipment.
  • FREE - Information Security Risk Management for ISO27001/ISO27002 (Download): Drawing on international best practice, including ISO/IEC 27005, NIST SP800-30 and BS7799-3, the book explains in practical detail how to carry out an information security risk assessment. It covers key topics, such as risk scales, threats and vulnerabilities, selection of controls, and roles and responsibilities.
  • FREE - Complete set of five ISO27001 Pocket Guides (Download): This complete set of the Practical Information Security series of Pocket Guides, in downloadable PDF format, provides an overview of information security best practice & guidance that is fully aligned with the ISO 27000 range of standards.

You must act now and purchase before the end of June to receive these additional resources absolutely free!
