Information security gap analysis
The project issues
The Council was considering implementing BS 7799 (now effectively ISO 27001) best practice standards in the ICT department and across the organisation. It wanted to establish how far compliance had already been achieved and to assess the costs and benefits of doing so. Socitm Consulting was asked to undertake a review of the Council’s compliance with BS 7799/ISO 27001 to date and make recommendations for improving information security to best practice standards.
The Socitm Consulting solution
We undertook a series of site visits to interview key staff in the ICT and audit departments and to inspect the physical and ICT environment from a security perspective.
We then produced a report detailing how far the Council had achieved compliance with BS 7799/ISO 27001 standards in the ICT department and organisation-wide, and the advantages and costs of achieving compliance.
We concluded that best practice in information security would be more effective if implemented across the organisation, but that there was a series of issues relating to practical and physical security that the Council needed to resolve in order to implement BS 7799/ISO 27001 standards.
We made specific recommendations for improving the security environment, which were accepted and implemented by the Council as a basis to work towards full BS 7799/ISO 27001 compliance.
The benefits to the client
We were able to provide the Council with an expert and independent assessment of their progress in implementing information security best practice standards and a clear action plan for improvement. The Council’s own data, and personal and financial information belonging to customers and partner organisations, will be better protected in future.
Client organisation: Calderdale Metropolitan Borough Council
Client contact: Ralph McNally, ICT Strategy and Operations Manager, 01422 393403, firstname.lastname@example.org
Lead consultant: Christine Westlake
Project no: 5356