The South African Bureau of Standards (SABS) has announced the establishment of a sub-committee to develop a Code of Practice (COP) for South African information security management systems.
The committee will use the British Standard Institute`s BS 7799 COP as a baseline for its work. The BS 7799 is an international standard for information security control.
According to Piet Opperman, who serves on the sub-committee and is also president of the IT Users Council, it is in a company`s best interests to certify its information security procedures.
"Certification not only enhances customers` faith in the company, but should the company be involved in a lawsuit, its certification serves as proof of its commitment to security. Furthermore, companies that participate in e-commerce can request certification from their e-commerce partners who have access to their network. In this way, critical company information will not be compromised."
BS 7799 consists of two sections. Section One contains more than 100 information security control measures, which a company can apply to secure its systems. Part Two describes the process a company must follow to become BS 7799-certified. "Companies that comply with these specifications receive an official certificate of international certification," says Professor Basie von Solms, chairman of the SABS sub-committee. He regards Section One as an industry standard already due to its high adoption.
Made up of an IT focus group, the sub-committee is chaired by Von Solms of the Department of Computer Sciences at RAU.
Von Solms is currently the only Level One certified BS 7799 auditor outside England.
"BS 7799 has also been presented to the International Standards Organisation (ISO) and all indications are that it will be adopted as an ISO standard by the end of the year," says Von Solms.
As yet, no South African companies have achieved BS certification, but according to Von Solms, many are in the process of re-investigating their information security.
More information is available at http://www.c-cure.org/.
Share