TBS Backplane Service and Information Security
ISO/IEC 27001 is the successor to the British Standard BS 7799-2:2002 (Information security management systems - Specification with guidance for use). It contains a list of control objectives and controls that have to be fulfilled to obtain the certificate of compliance with ISO 27001.
The controls cover the overall spectrum of security-relevant issues within a company. The main points are:
- Security policy
- Internal organization
- How to include external parties in the policy
- Definition of security sensitive areas and classification of information
- Protection against external threats
- Network security
- Exchange of information
- Access control
- Monitoring of external activities
- Network access control
- Operating system access control
In this context, the SSGD/TBS solution cannot cover all points, especially as many of them are organizational issues, but those points related to access to, monitoring of, and control over the datacenter and the information can be fulfilled.
In Europe, a lot of big companies have already passed the audit or are on the way to doing so. As the next step, they are going to demand that their business/delivery partners hold that certification too. This behavior can currently be seen at most of the German carmakers, and it affects companies all over Europe at least.
Currently (Sep 09) there are more than 5600 listed, and the ranking of the most active countries is Japan, India, UK, Taiwan, China, Germany, Korea, US, …
The current number of issued certificates can be checked at http://www.iso27001certificates.com
That clearly shows that the standard can't be seen as a European-oriented one. Far more than 60 percent of the companies passing the audit are based in the ASIA/PAC region, followed by Europe and the US. There is global acceptance, and the number of companies needing that certification will grow over the next years.


