Welcome to this, the seventh edition of The ISO27000 Newsletter, designed to keep you abreast of updates and developments with respect to the ISO 17799 information security standard.
The information contained in this newsletter is free to our subscribers and provides guidance on practical issues, plus commentary on recent Information Security incidents.
Included in this issue are the following topics:
BS7799-2 CERTIFICATIONS - SAMPLE SCOPE
When certification against the standard is sought, scoping is essential. This determines the parameters of the certificate. The following are some typical scoping statements from existing certificates:
"The operation of an Information Security Management System relating to the provision of a direct mailing service, including production, data handling and arrangement of delivery. This is in accordance with Statement of Applicability SOA 2002/1"
"The information security management of the operation in the provision of commercial insurance broker services, in accordance to the Statement of Applicability Issue 3.0"
"The management of information security in the provision of energy procurement and management services. This is in accordance with the Statement of Applicability v.02, 11/02"
"Management of Information Security in the provision of IT security solutions involving the planning, advice, project management and implementation of commercial and bespoke data security software and hardware. This is in accordance with the Statement of Applicability v1, date September 2002"
"The Information Security Management System in relation to internal and external services. This includes Training service of Information Security, Design/Integration of Security System and Network Security Consulting. This is in accordance with the Statement of Applicability issue V1.1 dated 2002/11/13"