BSI British Standards Addresses Data Protection after HMRC ID Security Breach
December 5, 2007 // Published as a news service by IHS
| |
| Electronics & Telecom Docs |
IHS sells a full selection of standards documents & collections from the industry's top organizations.
To learn more, and for a free quote, please complete the form below. |
|
BSI British Standards is providing guidance on information security and data protection in response to an identification security breach that occurred in November at HM Revenue & Customs (HMRC).
Two computer discs holding the personal details of families in the U.K. with children under 16 "went missing," according to the British Broadcasting Corp. (BBC).
The child benefit data on the discs included names, addresses, dates of birth, national insurance numbers and, where relevant, bank details of 25 million people, said the BBC.
"The events . . . will force many organizations to reassess their handling of valuable data," said Mike Low, director of BSI British Standards.
"A range of British standards in this area can provide a structured approach to information security and data protection. Specific guidance and the opportunity for independent third party certification are also available."
"Last year 62% of businesses reported information security issues, but with a range of international standards, detailed guidance, certification and training available, there are well established business tools available to all types of organisations to manage such risks," said Low.
Information security
Making sure the right people, processes, procedures and technology are in place is important to the protection of information assets, according to BSI British Standards. British standards on information security help minimize possible harm to organizations caused by deliberate or accidental acts.
British Standards (BS) International Organization for Standardization (ISO)/International Electrotechnical Commission (IEC) 27001 is a risk-based management system, which provides an approach to information security and protects information regardless of format, said BSI British Standards.
BS ISO/IEC 27001 is a certifiable standard, which means organizations can seek independent third party verification of its information management performance, said BSI British Standards.
ISO/IEC 27002 is a code of practice developed to build best practice in information security and assist an organization in implementing an information security management system. The standard covers information security topics including security policies, asset control and personnel security.
Data protection
BSI Data Protection Guide (BIP 0012) was prepared with the assistance of the Information Commissioner's Office (ICO) and U.K. industry, said BSI British Standards.
It is designed to provide guidance on implementing the Data Protection Act (1998) legislation and deals with areas such as e-mail policy, database management, subject access and e-commerce, said BSI British Standards.
Work is in progress on a new data protection standard, which will provide organizations with a method of assessing and demonstrating their compliance with the requirements of the Data Protection Act (1998), according to BSI British Standards.
Source: BSI Group.