Security of Data
The loss and compromise of sensitive data by the Revenue has left most of us dumbfounded as every security precaution that could have been provided to protect this data were totally ignored.
Security professionals across the country gasped in amazement as the story unfolded. If a private company had lost this amount of data the Data Protection Act would be invoked and a criminal investigation and prosecution would follow. Will this happen in this case? I doubt it. Will the truth come out? Again I doubt it particularly as Civil Servants have been told to keep quiet or risk prosecution under the Official Secrets Act.
Government departments with their immunity from prosecution are often cavalier with the rules that apply to the rest of us.
This scandal should bring down the Government or as an absolute minimum result in the sacking of the Chancellor.
However for the law-abiding and professional users of data here are the basic precautions that should be taken when transmitting sensitive data:
These are the basics which seem to have been ignored by the custodians of our personal information.
If the Government is to hold even more data (ID cards for example) then their systems have to be bomb proof.
Industry is adopting ISO27001 - information security management - to protect data and so it should. It is a sad reflection on HMG that these standards are not adopted by them.
Security professionals across the country gasped in amazement as the story unfolded. If a private company had lost this amount of data the Data Protection Act would be invoked and a criminal investigation and prosecution would follow. Will this happen in this case? I doubt it. Will the truth come out? Again I doubt it particularly as Civil Servants have been told to keep quiet or risk prosecution under the Official Secrets Act.
Government departments with their immunity from prosecution are often cavalier with the rules that apply to the rest of us.
This scandal should bring down the Government or as an absolute minimum result in the sacking of the Chancellor.
However for the law-abiding and professional users of data here are the basic precautions that should be taken when transmitting sensitive data:
- Never send data over the internet unless securely encrypted;
- Never send more data that is actually required;
- If data is to be burned onto CD or DVD, it must be properly authorised and the disks numbered, monitored and tracked.
- Never send disks of this type by post;
- If they need to be sent to another location, a hand to hand transfer is most secure followed by a data tracking delivery and lastly by a registered method.
- Once the disks have been used they should be returned to the originator by a secure method for destruction.
- If there is an apparent loss of disks then an immediate and high priority search should be made and interested parties informed.
These are the basics which seem to have been ignored by the custodians of our personal information.
If the Government is to hold even more data (ID cards for example) then their systems have to be bomb proof.
Industry is adopting ISO27001 - information security management - to protect data and so it should. It is a sad reflection on HMG that these standards are not adopted by them.
Labels: basic computer security, data, government
Posted: Sunday, 25 November 2007
BS OHSAS 18001:2007 - Health & Safety Management
18001 has at last been issued as a formal standard which can be assessed and a certificate issued. Previously the guidelines could be adopted but didn't carry the same weight as a British Standard. Many organisations wanted a recognisable occupational health and safety management system standard that could be assessed and certificated.
The format of the standard is similar to the template set for ISO9001 - the quality standard and ISO14001 - the environmental standard. The structure of all three standards allow for integration if desired.
There are elements of communality:
Many organisations are choosing the integrated approach to incorporate
'industry best practice' to maximise compliance to the raft of regulations
facing businesses today. Certification provides independent evidence of compliance which can be used to offset any problems in the quality, environmental of H & S areas.
The format of the standard is similar to the template set for ISO9001 - the quality standard and ISO14001 - the environmental standard. The structure of all three standards allow for integration if desired.
There are elements of communality:
- Management review
- Internal audit
- Non-conformity control
- Evaluation of compliance
- Performance measuring
- Document control
- Control of records
- Communication
- Competence, awareness and training
- Control of resources
- Objectives & targets
Many organisations are choosing the integrated approach to incorporate
'industry best practice' to maximise compliance to the raft of regulations
facing businesses today. Certification provides independent evidence of compliance which can be used to offset any problems in the quality, environmental of H & S areas.
Labels: 18001:2007, BS, Health, Management, OHSAS, safety
Posted: Saturday, 3 November 2007
0 Comments:
Post a Comment