Addressing the readers of Risk UK, Shaun Oakes explains how access control is a vital factor for those organisations presently working towards ISO 27001 accreditation.
The security of information or data storage is becoming increasingly important to every organisation, with their Information Security Management System (ISMS) now recognised as virtually a yardstick of their professionalism and integrity. The 2013 upgrading of the original ISO/IEC 27001 standard created a universally recognised benchmark by which all organisations could be judged before entering into commercial relationships. As such, it has become an extremely valuable asset for companies, highlighting the importance they place on data security as part of Best Practice in business.
While no ISMS can guarantee perfect security, and security breaches over the last few years have been well documented, ISO/IEC 27001 accreditation will not only help businesses manage the security of their data, but will also advertise this expertise to existing and potential clients.
For its part, the standard looks at a number of core sections, which include IT systems, business processes and, most importantly of all, people.
An integral element of the accreditation process (Section A.11) deals with access control, looking at key areas such as user access management, user registration and password management. Here, the use of biometric security systems with fingerprint recognition readers enables organisations to not only cover all requirements of the standard, but also facilitate additional security measures should they be required to significantly reduce the risk of security breaches and cyber attacks.
Of course, many end-user organisations rely simply on swipe cards or a numeric PIN entry access system. Access PINs can be passed around or even guessed, and key cards share many of the same downfalls while also increasing costs through the replacement of lost or damaged cards. Biometric security systems bypass many of these vulnerabilities, and they’re becoming increasingly popular. Fingerprints, for example, are unique to each individual – unlike codes or key cards, they cannot be passed around or shared.
The implementation of the latest biometric recognition systems allows the host organisation to secure commercial sites worldwide, adding an additional layer of safety to the business’ access control infrastructure. Each site’s visitor movements can be accurately monitored in real time from the access control system, with certain areas restricted if needed. This provides the organisation with a sophisticated level of personnel movement information, which is vital for Health and Safety and fire roll-call protocols.
Put simply, ISO 27001 is now the standard by which the security of an organisation’s data is judged. Companies without the accreditation, or those that rely on old technology, may well be excluded when the time comes to tender for major contracts.
Shaun Oakes is Managing Director of ievo Ltd