Global standards organisation BSI is urging Australian companies to adopt the revised ISO 27001 information security standard as part of their security plan.
BSI CEO Howard Kerr told Computerworld Australia that only 100 Australian companies have taken up the standard since it was updated in October 2013. In contrast, over 1000 organisations in the UK are using ISO 27001. The standard was revised because the previous version was eight years old.
“The rate of uptake in Australia is about half what it is globally and I don’t know why. The issues are exactly the same here,” he said.
To remedy this, BSI is working to raise awareness about the standard in Australia.
“Our view is that this is all part of an organisation’s risk management. Information security is no different to managing health and safety or business continuity,” he said.
“Through training and certification, it is an internationally recognised best practice which they can adopt as part of that process.”
The revised ISO 27001 places a new emphasis on organisations measuring and evaluating their security performance. For example, the standard now requires organisations to identify the security risks that apply to them and to have mitigations in place for those risks.
Enterprises also need action plans that address both security risks and opportunities.
“Information security is now being shared in increasingly complex supply chains, you’ve got much bigger volumes of data and information shared on public platforms such as social media,” Kerr said.
“More consumers don’t want personal data to be shared without their approval. There is much more scrutiny on organisations to protect the data that they have got and minimise the risk of leakage and abuse.”
Follow Hamish Barwick on Twitter: @HamishBarwick