In today’s business world, information in all its forms is the most valuable currency. And if you thought this was purely the province of IT, think again. Keeping information secure is a critical responsibility that extends throughout the entire organization – and SAI Global can help you do it.
Brahman Thiyagalingham is Business Manager – ICT Risk & Assurance at SAI Global, and has special expertise in information security. He is quick to dispel some of the myths and misunderstandings relating to this critical business issue.
“People are still struggling to understand the wider application of information security, outside of IT,” he explains.
“What they need to realise is that it relates to all types of information, be it paper-based, electronic or any other. An Information Security Management System (ISMS) does not relate purely to computerised data. It determines how all information is processed, stored, transferred, archived and destroyed.”
Brahman goes on to explain that a secure information management system is one which ensures:
• confidentiality: Only those who are authorized to see the information have access to it
• integrity: The accuracy and completeness of the information is safeguarded by robust sourcing, processing, updating and storage processes
• availability: Authorized users have access to information and associated assets, in the required forms, when they need it.
In recent years a number of Standards for information security management have been released. According to Brahman, many IT service and data centres were quick to establish compliant systems.
“The ISMS programs were initially in great demand from IT-related businesses, to the point where having a certified ISMS has become a requirement for doing business with some public sector and larger private sector organizations,” he says.
“This trend has extended to banking and finance organizations and the healthcare sector. Obviously these businesses are dealing with highly sensitive information and not just in the data centres.
“Increasingly however we are now talking to people from all sorts of different industries, including many that are service related, who take a truly strategic business approach to the issue of information security. There is now a far wider recognition of the broader business implications of what they do, not just putting the issue into a technical basket and saying it’s an IT or computer problem,” says Brahman.
In fact, he goes on to cite a recent security breach involving the employee of a major bank leaving a briefcase full of sensitive information on a train.
“You could have the most secure computer system in the world and this could still happen. It’s a prime illustration of the need for security management, controls and processes extending throughout a whole organization.”
Which brings us to the critical question: how secure is your company’s client and other business information?
One way to find out is to request a one-off audit or ‘gap audit’ from SAI Global’s Information Security Management System (ISMS) specialists.
This involves an examination of how your business’s information is handled, to establish what risks and potential for breaches are evident. You can then go on to set in place policies, processes and controls to address the risks.
SAI Global can also provide second party audits – that is, assess your organization’s information security system according to its own information security criteria.
You also have the option of using the Standard ISO/IEC 27001:2005 as a reference guide. Originally developed by major international industry organizations, the standard has been improved and refined to ensure widespread practical application at international levels. It is now globally recognized as offering a practical framework and functional guidelines to assist with the improvement of information security. If your organization chooses to become certified, it will be recognized accordingly – worldwide.
There is also a newly released standard available to help ensure the information security of organizations that outsource their information and communication technology operations.
“These companies are finding that they have to deal with a different set of risks,” says Brahman. “Of course the security risks remain, however they also have to make sure their supplier can provide them with a robust, sustainable and quality service that meets all the organisation’s security and other requirements.”
To this effect, a new certification standard, ISO 20000 Information & Communication Technology (ICT) Management, has been released.
To find out more contact Brahman.Thiyagalingham@saiglobal.com
The results of 2007’s 19th Annual Business Excellence Awards are in, with SAI's Assurance Services clients dominating the systems categories.
City of Marion won a Bronze Award; St. Andrew’s Hospital won a Quality Systems Excellence Award; and Temple Bruer Wines was recognised for Excellence in Environmental Systems.
[Image: The Better Business Conference, Sydney]
The prestigious business awards, which were announced in Sydney in June, recognise and reward excellence in business improvement in categories ranging from small business to government bodies, not for profit groups and large listed companies.
More than 100 leading Australian companies and public sector organisations competed for a place in the Awards, which were the culmination of 12 months’ rigorous peer assessment against international best business practice.
Developed in 1987, the Awards are part of the Global Excellence Model family, which includes the European Quality Awards, Malcolm Baldrige Quality Awards in the U.S., and the Singapore Quality Awards. Awards partners include Macquarie Bank, MLC, Westpac, Dow Jones and Sky News.
The Australian Business Excellence Awards are the highlight of the Better Business Conference, which every year offers attendees an opportunity to hear from some of Australia’s leading businesses including Resmed, Credit Suisse, Alcoa, Fremantle Ports, Shell, Transgrid, AMP, Citigroup, Mercer Consulting and MBF ClearView.
For stories on all the winners in this year’s Awards visit www.saiglobal.com/newsroom
To find out how your organisation can become involved in next year’s Awards, contact awards@saiglobal.com
High-profile corporate scandals involving compliance continue to occur despite adverse publicity and heavy investment in internal controls. A new SAI Global-supported study at Monash University aims to increase understanding of organisational behaviour and its relationship with general regulatory compliance …
The initiative is a major industry-based collaborative research project undertaken by the Monash Centre of Organisational Research and Psychology and the Monash Centre for Regulatory Studies at Monash University.
The project stems from the growing realization that the success of compliance programs is subject to the engagement of employees. For example, legal scholars argue that simply implementing a compliance system will not lead to full or sustainable compliance. Others maintain that organisational culture may be a leading risk factor in compromised compliance and corporate integrity.
In the recent HIH Royal Commission (2003), the Hon. Justice Owen claimed that the problems with the corporate culture at HIH which could be directly linked to poor decision-making were ‘blind faith’ in an incompetent leadership.
Yet there has been relatively little industry research investment directed toward understanding organizational behaviour and its relationship with general regulatory compliance within a ‘normal’ business context.
Specifically, the research intends to uncover answers to the following questions: What makes employees comply with organizational rules and Standards, including those underpinned by legislation and regulation? What characterizes a ‘positive’ organizational compliance culture? And, importantly, what can corporate leaders do to encourage compliance behaviour through culture?
You can download information about this project from www.saiglobal.com, or contact Lisa Interligi, Project Manager at Lisa.Interligi@med.monash.edu.au