Certification Europe Reveals Guidelines for Securing Organisations' Data

Simon Loughran shares his industry experience of ISO 27001 and how it can help organisations fight data breaches

Information security is of imminent importance to companies in today's marketplace, and every organisation is responsible for ensuring that its internal data is safe and secure from external threats. IT departments are coming under constant strain to secure company data as the influx of mobile devices via BYOD, and of services and apps via BYOS and BYOA, has become the norm in organisations. The variety of devices and services being incorporated means that companies must start to control the situation by instigating internal policies around the usage of BYOD, BYOS and BYOA in the workplace.

“Advanced technological changes allow people to work outside the corporate networks on wireless and remote connectivity, which in turn facilitates easily accessible and shareable company information. This creates a new risk area for companies, as it has moved outside of the established security perimeter that has been so meticulously developed. The solution is to develop subsequent selected security controls around the mobile devices and BYOD devices which are as stringent as those employed around company devices,” commented Simon Loughran, Lead Auditor (Information Security, IT Services), Certification Europe.

“Certification Europe has seen a dramatic increase in the number of companies requesting to be ISO 27001 or ISO 20000 certified over the past eighteen months. These standards have become a prominent feature on tender documents, which is driving companies to become certified in order to compete for business. I believe that ISO 27001 (ISMS) and ISO 20000 (ITSM) provide the greatest security opportunities for a company and should be considered by all organisations that are rolling out a BYOD policy within their organisation,” stated Simon Loughran.

It is advisable for companies to develop an organisational BYOD/BYOS security policy and integrate it into the corporate handbook, to guide and supervise staff members' use of mobile devices and to educate them about the IT and information security risks associated with using these devices within the organisation. Simon has developed the following guidelines for designing a BYOD policy from his personal experience in auditing companies for Information Security and IT Service Management.

BYOD Security Policy Guidelines

1. Categorise data into low, medium and critically sensitive in order to ascertain what information can potentially be shared via staff's personal devices.
2. Network access controls, such as unique firewall policies and static routes, should be established to segregate traffic coming in from mobile devices.
3. Device selection should depend on the degree of control and security that can be applied to the devices.
4. Implement security technologies such as encryption and authentication on all devices.
5. Utilise remote wipe capabilities on all mobile devices.
6. Roll out an incident management policy and procedure for employees who have lost devices which they have previously used to access company information.
7. Limit third-party app installation by blocking unsigned third-party applications.
8. Use intrusion prevention/detection software (IPS/IDS) which examines traffic coming through mobile devices.
9. Bluetooth should be disabled when it is not actively transmitting information, and switched to hidden mode at all other times.
10. Data search: test your business continuity plan by assessing where all your company information is stored, on what devices, how it is backed up, and which disaster recovery policies have been implemented.

Please visit our website http://www.certificationeurope.com to find out how we can aid you in securing your company's data via ISO certification.

Notes to the Editor
Certification Europe is an accredited certification body which provides International Organization for Standardization (ISO) management system certification and inspection services to organisations globally. ISO standards provide a recognised framework to achieve best-practice management. Certification Europe can certify your organisation to Quality (ISO 9001), Environmental (ISO 14001), Health & Safety (OHSAS 18001), Energy (ISO 50001), Business Continuity (ISO 22301), IT Service (ISO 20000) and Information Security Management (ISO 27001). The company currently assesses over three thousand organisations internationally on an annual basis. Clients range from micro enterprises to multinationals and include Government Departments, State Bodies and private organisations. We provide AIC inspection services within the Dry Cleaning and Vehicle Refinishers sector. Headquartered in Dublin, Ireland, Certification Europe has additional operations in the United Kingdom, Italy, Turkey and Japan.

Contact Author: Lisa Cunningham