Welcome to this, the fifth edition of The ISO27000 Newsletter, designed to keep you abreast of news and developments with respect to ISO 17799 and information security.
The information contained is free to our subscribers and provides guidance on a range of practical issues, plus commentary on recent Information Security incidents.
In this issue we focus specifically on the dangers of security complacency with everyday devices and technology. Included are the following topics:
ISO17799 SECTION 4: SERVICE LEVEL AGREEMENTS - THE SLAS
Service Level Agreements (SLAs) are actually relevant to several sections in the standard. However, section 4, focusing on security organization, gives perhaps the most focused coverage of agreements and contracts.
The SLA is actually an extremely important document. It defines the parameters of your service - whatever that service may be. It is the common basis of understanding between the parties involved.
Part of the definition should, of course, focus on security, fully covering expectations and requirements. However, it should also go much further, describing what actions are required in the event of problems, what happens if one party breaks the agreement, and so on.
Unfortunately, SLAs tend to be viewed in a similar way to business continuity plans: essential to have but a painful exercise! That need not be the case, however: it is not actually necessary to re-invent the wheel.
EasyTec have recently released 'The SLA Toolkit'. This comprises a full SLA Template (MS-Word) and an interactive guide to take you through it. It also includes an audit checklist to review existing agreements and a training presentation to explain SLAs more fully and in some detail.
For information on this kit see: www.service-level-agreement.net.
Whichever approach you adopt, if you do not yet have an SLA for critical services, it is certainly time to address this.