Information security gap analysis

The project issues
The Council was considering implementing BS 7799 (now effectively ISO 27001) best practice standards in the ICT department and across the organisation. It wanted to establish how far compliance had already been achieved and to assess the costs and benefits of doing so. Socitm Consulting was asked to undertake a review of the Council’s compliance with BS 7799/1SO 27001 to date and make recommendations for improving information security to best practice standards.

The Socitm Consulting solution
We undertook a series of site visits to interview key staff in the ICT and audit departments and to inspect the physical and ICT environment from a security perspective.

We then produced a report detailing how far the Council had achieved compliance with BS 7799/1SO 27001 standards in the ICT department and organisation-wide, and the advantages and costs of achieving compliance.

We concluded that best practice in information security would be more effective if implemented across the organisation, but that there were a series of issues relating to practical and physical security the Council needed to resolve in order to implement BS 7799/1SO 27001 standards.

We made specific recommendations for improving the security environment, which were accepted and implemented by the Council as a basis to work towards full BS 7799//1SO 27001 compliance.

The benefits to the client
We were able to provide the Council with an expert and independent assessment of their progress in implementing information security best practice standards and a clear action plan for improvement. The Council’s own data, and personal and financial information belonging to customers and partner organisations, will be better protected in future.

Project identification
Client organisation: Calderdale Metropolitan Borough Council
Client contact: Ralph McNally, ICT Strategy and Operations Manager, 01422 393403, ralph.mcnally@calderdale.gov.uk 
Lead consultant: Christine Westlake
Project no: 5356