The media is full of stories which highlight the importance of being vigilant when disposing of data. However, it is equally important to have systems in place to make sure important information is not lost or stolen while it is still in use, as news stories about confidential data being lost or breached are becoming more frequent.
The latest incident highlights the loss of medical data belonging to 800 patients at East Surrey Hospital after an unencrypted memory stick went missing. Alarmingly the incident was not isolated at the hospital – there were nine other near misses where data went missing but was later found.
Although we only hear about such cases when they have a specific public interest or happen to international organisations, the loss of confidential information can happen at companies of all sizes in all sectors. But such public incidents highlight the importance of putting in place the correct information control systems.
Much like a management system can be developed to maintain quality, environmental impact and health and safety, organisations should also look at developing their management system to maintain information security. It’s something that can readily be achieved through working to ISO 27000.
Its implementation not only helps identify an organisation’s information assets and any potential threats but the impact on the organisation if the loss of any information was to occur. It also demonstrates to end-users that the company is committed to security, has the ability to handle information in a secure manner and can respond quickly to any information security breaches or incidents.
Too many companies believe that achieving certification of their management system involves too much hard work, and isn’t necessary. But in an increasingly competitive market place, to be seen as a trusted organisation is critical. So can you afford not to have the right systems in place?