2ndPerson records and tracks information security risks affecting our information assets.
It helps the organization comply with the requirements of the ISO 27001:2005 standard for
information security management. The application name "2ndPerson" relates to the 'segregation
of duties' as a security control. For critical business processes, a 'second person' is often
used so a single person does not have complete control over, for example, large financial
transactions. Segregation of duties can help ensure that mistakes are detected and the
potential for deliberate fraud is reduced.
Hillside Software is formally certified as meeting the BS 7799-2:2002 standard from which
the new ISO 27001 standard has been derived. We plan to upgrade our certification to the new
international standard by the time Bureau Veritas, our certification body, next visits.
Every business needs to take the security of its own, and its customers’, information
and IT assets seriously. This is especially important with the very real threats posed
by the increased use of online systems and the Internet. Our certification to the BS 7799
standard demonstrates that we have a structured approach to identifying and evaluating
the information security risks affecting our business. It also shows we implement
effective controls. The controls include use of virus detection software, encryption,
backups, firewalls, and a range of policies and working practices aimed at ensuring our
information and IT assets are available when needed, intact, and only accessed by those
who are authorized to do so.
ISO certification means that our customers and partners have increased confidence in
our information security management arrangements. Finally, it shows that 'we practice
what we preach,' which is important since a subset of our training course portfolio
focuses on IT security topics.