South Africa's own information security authority, ISIZA (Information Security Institute of South Africa), has been established. Under the leadership of renowned information security experts Piet Opperman and Professor Basie von Solms, ISIZA is geared to providing information security certification to organisations that comply with the Code of Practice (COP) for South African information security management systems.
"Electronic trading is becoming increasingly pervasive, and as more and more South African companies begin to embrace e-business practices, certification of their information security systems will become an essential prerequisite in order to exchange information globally," says Opperman. "In Europe, for example, companies may not exchange client information outside of the country unless they have proof that the organisation with which they are conversing has similar legislation in place and that legislation is being enforced."
The South African COP is currently under development by a sub-committee of the South African Bureau of Standards (SABS), and until it has been finalised, ISIZA will base its certification procedure on the internationally recognised British Standard Institute's BS 7799 COP.
"The BS 7799 is widely accepted internationally as a standard for information security control and is being implemented by an increasing number of international companies," says Opperman. "BS 7799 has also been presented to the International Standards Organisation (ISO) and all indications are that it will be adopted as an ISO standard by the end of the year."
Organisations wishing to be ISIZA-certified will be, inter alia, required to undergo an extensive audit by an independent auditing firm to determine to what extent they comply with BS 7799 and the number of qualified and skilled information security professionals the organisation has in its employ. An appropriate certification grading (similar to the National Occupational Safety Association star grading system) will then be issued which, says Opperman, will have to be renewed annually.
ISIZA intends to form firm partnerships with leading auditing companies, as well as suppliers of information security tools and mechanisms, to help companies meet certification requirements. "Additionally, we will educate companies on information security and provide them with self-training material," Opperman adds.
He stresses that it is in a company's best interests to certify its information security procedures. "Certification will not only enhance customers' faith in the company, but should the company be involved in a lawsuit, its certification serves as proof of its commitment to security," he says. "Furthermore, companies that participate in e-commerce can request certification from their e-commerce partners who have access to their network. In this way, critical company information will not be compromised."
"South African companies that neglect information security will soon find themselves stonewalled in the new economy. Companies that do not have a security policy, or do not enforce it, will eventually be labeled as being vulnerable to information attacks. Eventually, their customers will start to question their security capabilities and they could begin to lose business," Opperman concludes.