Subject: ISO 27001 and the Data Protection Act

Recently there has been a shift in the importance placed on the Data Protection Act, and there are more and more instances in the media of companies whose reputations have been seriously harmed by a data protection error. It is becoming increasingly important that customers and clients can depend on a company and be sure that their data is safe. ISO 27001 ensures that you are covering the Data Protection Act while implementing an Information Security Management System (ISMS) to keep fully up to date on the procedures surrounding data security.
Although making sure your software covers all risks is extremely important, without a system in place to manage all the procedures involved there can be confusion, and this is where ISO 27001 really comes into its own.
With regard to computer security, it is important that you have a firewall, that your systems are protected by antivirus software that is constantly updated, that backups are taken regularly and that any relevant data is encrypted. When implementing ISO 27001, the method of putting an ISMS in place means that no stone is left unturned: the system has a plan, do, check, act methodology behind it. This means that initially a plan is made and risks are assessed to see where issues could lie (plan); secondly, a plan is put into action that addresses the risks found so that they are covered (do); the system is then constantly reviewed and developed (check); and if anything is found that would affect the success of the system, it is resolved (act).
The major issue with data protection is often not fighting external malicious threats such as hackers or viruses, since the software put in place will cover these risks provided it updates itself properly, but ensuring that mistakes do not happen internally. ISO 27001 covers this as well: the ISMS means that everyone in the company is aware of their responsibilities and knows what they have to do to keep company data safe. Equally, it raises awareness of the importance of data security, which can often be a major barrier to overcome. It means that it is not left solely to the IT department to make sure that everything is running as it should; everybody takes on a role within the business, ultimately reducing risk.
The Data Protection Act is a legal requirement for businesses and should not be taken lightly, not only because a company's profits and reputation could be harmed if anything were to go wrong, but also because a company should understand that it is its responsibility to ensure that its valued customers are looked after properly, and ISO 27001 definitely sets it on the right track.