Aston Information Security
        your information and network security needs taken care of
TEL: +44 (0) 845 643 2460     
COMPLIANCE

Operational compliance has been brought to the fore of the corporate agenda in recent years. This ascendance has been driven by a number of ‘codes’ and legislation aimed at ensuring that there is a sound system of controls in an organisation to address its risks.

Aston Information Security consultants have conducted numerous audits covering:-
• Sarbanes-Oxley
• Basel II
• Data Protection and Freedom of Information Acts
• Payment Card Industry Data Security Standard

Sarbanes-Oxley (SOX)
Sarbanes-Oxley is US federal legislation enacted in the wake of the accounting scandals at Enron and WorldCom, which destroyed those companies, wiped out their shareholders and left many employees with no retirement benefits. It is aimed at promoting better corporate governance, accountability and financial disclosure.

Aston's SOX audit produces a gap analysis for clients, with practical recommendations for closing each gap.

Sarbanes-Oxley is widely regarded as the most significant piece of legislation affecting corporate governance, financial disclosure and the practice of public accounting since the US securities laws of the early 1930s.

Basel II
While Basel II is aimed at financial services groups, it also affects their trading partners and service providers.

Our audit team can assess the level of Basel II compliance of financial services clients, as well as of the companies to which they outsource.

Basel II requires firms to better assess and manage the risks they face, and requires banks to make capital provision against operational risk, including fraud and lawsuits arising from systems failure. This necessitates wide-ranging changes to IT systems worldwide.

There are also implications and opportunities for those providing outsourced business processes and IT services. Organisations need to assess providers' capabilities to meet Basel II requirements for the operational elements they are managing, and also have in place the appropriate feedback loops into the systems and processes the client maintains internally.

Security of client data held by such service providers remains the responsibility of the organisation that outsources it. Hence the international standard for information security management, ISO 27001, is increasingly demanded by outsourcing organisations of their service providers.

Data Protection and Freedom of Information Acts
The Data Protection Act brought numerous changes to the law on data protection and now includes a number of criminal offences. Particular attention must be paid to Principle 7, which concerns the security of personal data held: appropriate technical and organisational measures must be taken against unauthorised or unlawful processing and against accidental loss, destruction or damage. The Information Commissioner has "named and shamed" a number of UK companies for failing to protect the personal data of the public.

We have extensive experience in Data Flow Audits to ensure compliance with the Data Protection Act.

Information Audits can be used as part of the Risk Assessment to identify the data that the client holds and assess the importance of that data in terms of:-
• Keeping it confidential
• Ensuring its integrity
• Making sure that the most important data is available
• Ensuring that applicable legislation is complied with