Skip nav

ISO 27001 certification calls for robust policy control

Demonstrating stringent compliance with government data handling guidelines when tendering for, or fulfilling, government contracts has become a crucial factor for commercial success. With a reputation for integrity, innovation and quality Seetec, a leading provider of employment training services, has chosen to align its security practices to ISO 27001. This internationally recognized professional standard will be exploited to prove on-going data assurance to Seetec’s many public sector clients.

A prerequisite to IS0 27001 certification has been to ensure the completeness of Seetec’s security policies and procedures. Early in the project planning phase, management identified the need to replace the use of the intranet with a more robust policy control system prior to the ISO27001 certification audit.

The company chose Cryptzone’s Netconsent solution to fully automate the policy management process. Netconsent provides Seetec with a consistent mechanism to release, maintain, review and communicate ISO 27001 policies and associated documentation to employees. Increased management control is made possible through a flexible reporting framework, which will show employee acceptance of ISO27001 policy compliance requirements at any given moment. For auditors there is a fully documented audit trail.

“Management immediately recognized the benefits that Netconsent could bring to strengthen our security processes,” says Alan Flay, Information Security Manager at Seetec. “Netconsent addresses the documentation requirements of clause 4.3 within ISO 27001 in a way that could not have been achieved through our intranet.”

Netconsent was successfully piloted during the autumn with test policies to a selected group of staff. As part of the Netconsent recommended methodology program, training was given to policy authors and relevant managers in November. Key security policies were being rolled out to all employees at the end of the year in readiness to show compliance for the ISO27001 audit planned for Q1 of 2011.

Netconsent will automatically present Seetec employees with new and revised security policies at log on to ensure they are aware of ISO27001 requirements and agree to adhere to them. Netconsent also organizes policies, procedures and other related documentation in a way that is easy for people to navigate, search and find up-to-date information whenever they want to refer to it. “Because only one version of a policy will ever be in circulation, staff will always be clear about their responsibilities.” concludes Alan Flay.

-------- Notes to the editors ---------

Alan Flay, Information Security Manager at Seetec is available for interview to discuss how policy automation has helped with preparedness for ISO27001 audit.

Netconsent is exhibiting as part of Cryptzone on stand A64 at INFOSEC Europe, 19-21 April 2011, London.

For more information:
Nancy Rogers
PR & Communications Manager
Email: nancy.rogers@seetec.co.uk
Tel: 01702 201 070 Mobile: 07779 251 711

Beverley Stonehouse, UK Marketing Manager
Cryptzone UK Ltd
Email: pr@netconsent.com Tel: +44 (0)370 013 1600

About Seetec:
Seetec is passionately committed to empowering individuals and organisations to release their potential through its employment and training programmes and software solutions. With a reputation for integrity, innovation and quality its vision is to be recognised as the provider of first choice by job seekers, learners and employers alike. Also as a leading IT Training and software provider Seetec offers support, training and services to: individuals, training providers, businesses and healthcare organisations, across the UK, through its bespoke IT Training and software solutions. For more information visit: http://www.seetec.co.uk

About Cryptzone:
The Cryptzone Group is a technology innovator providing proactive IT security risk mitigation solutions within four key areas of expertise: policy compliance, content security, secure access and endpoint security. The company has offices in Sweden, UK, USA and Poland, as well as an extensive partner network with more than 150 global partners. Netconsent is leading software for policy management and e-delivery of essential communications. Netconsent automates the policy management life-cycle, assuring sound governance throughout the enterprise. By making policies and associated documentation more visible and enforceable Netconsent raises standards of individual accountability and conduct. More information about the company and its solutions can be found on http://www.cryptzone.com, http://www.se46.com and http://www.netconsent.com.

Cryptzone's share is listed on First North, Sweden, the Nordic alternative market operated by NASDAQ OMX. Certified Adviser is Thenberg & Kinde Fondkommission AB, +46 31-745 50 00.

About ISO27001
ISO/IEC 27001:2005 is an internationally recognized professional standard that specifies the requirements for establishing, implementing, operating, monitoring, reviewing, maintaining and improving a documented Information Security Management System within the context of the organization's overall business risks. It specifies requirements for the implementation of security controls customized to the needs of individual organizations or parts thereof. For more information visit: http://www.iso.org/iso/catalogue_detail?csnumber=42103