BSI brings IT security standard up to date

The British Standards Institute (BSI) has unveiled a rewritten version of its information security standard to help companies improve their security policies in the wake of Melissa and CIH viruses, writes Steve Ranger.

The BSI said its BS7799 standard has been completely overhauled to address changes in technology and working practices, and now includes controls to help companies protect against viruses, hackers and fraud. The last revision was four years ago.

The new standard includes information on the risks of third-party access, what needs to be included in a third-party contract, and a subsection on outsourcing.

There are also sections on mobile computing and teleworking, and a wider discussion of viruses and electronic commerce as well as cryptographic policy, digital signatures and key management.

Wright Publications decided to work towards BS7799 certification because of spiralling maintenance costs for its email systems. It achieved certification a year ago. The technical publications specialist developed a data model of its computer systems as part of the project, and was able to identify deficiencies and duplications.

Commercial manager Howard Lockwood said that working towards BS7799, which took about three months, reduced his support costs, freed staff for other work, and improved customer relations. 'Customers are aware of the certification. We have been told that because of it, we are preferred over other suppliers,' he said.