Certification to 7799: why it makes a difference
1 October 2004
How confident are you that your company's important information is securely managed? How do you ensure the confidentiality, integrity and availability of your company's critical information, especially where you subcontract aspects of these information management activities?
7799: what it means
CITEC's recent certification to the Australian Standard AS/NZS 7799.2:2003 for Information Security Management Systems is evidence that we have the systems in place to protect your information.
CITEC's Manager, Service Quality & Strategies, Peter Marshall, says the organisation's solutions are underpinned by the certification to this rigorous standard.
CITEC is the first end-to-end ICT services provider in Australia to gain this certification, which makes the achievement a significant one for the organisation.
“This certification shows that CITEC not only has the processes and practices in place to manage and sustain day-to-day operational security requirements, we also proactively identify initiatives to improve security, and take steps to incorporate these improvements into business processes,” Peter said.
“This methodical approach to identifying potential threats and vulnerabilities is supported by a managerial focus on compliance.”
CITEC's Security Coordination Committee is an operational body which tracks and manages security issues and trends in the organisation and its operating environment. The committee currently meets fortnightly and reports to the Management Information Security Forum, a quarterly forum of senior managers which focuses on broad security strategy.
How does the certification translate into tangible benefits for our clients?
“Our change management strategies have become more rigorous, and we have improved the maturity of our implementation of these strategies,” Peter said.
“We have structured processes for all activities, ranging from seemingly simple and innocuous security processes such as password resets, through to large-scale infrastructure changes and their associated security issues.
“Reviews of user ID usage are conducted regularly to help identify any possible security vulnerabilities.
“The certification also requires CITEC to implement a methodical approach to risk management, particularly relating to the identification of threats and vulnerabilities.
“We have measures and metrics in place to understand our security performance.
“Generally, there is greater awareness of security-related incidents, requests, enquiries and changes.
“At CITEC we have focused on building a security culture that is sustainable in the long term, by making security a part of our everyday work practices, rather than a separate activity.”
The benefits for our clients result from this consistent approach to the way we do business.
SAI Global
SAI Global is one of the world's leading business publishing, training and assurance organisations with offices in Australia, New Zealand, the United States and across Asia. Through its extensive network of auditors, experts and training professionals SAI Global works with organisations to help them build better businesses.



