DNA database claims
ukcrypto@chiark.greenend.org.uk
Thu, 31 Jul 2008 16:01:19 +0100
>
> On 31 Jul 2008, at 08:42, Mary Hawking wrote:
>
>>
>>> I have found out that there is a Forensic Science Society
>>> <www.forensic-science-society.org.uk>
>>
>> Looking at the website, it doesn't look as though they include data
>> security or any other parts of IT in their definition of science..
>
> Nor do many organisations.
>
> I've just finished the triennial review of the 27001 certificate I
> maintain. I suspect it's not rigorous enough to satisfy David H, but
> it's not a walk in the park, and the fact that as a business we sink the
> resources into 27001 and have the board-level sponsorship to stop
> projects in their tracks and say ``no, that's not going to fly'' at least
> proves our seriousness if not, of itself, our competence. And even
> after three years of work on our ISMS, the fresh set of eyes we got from
> the triennial has pointed us in some new and interesting directions.

My take is that if an organisation is not at least 27001 compliant
(compliance should be attested by certification...), then it will not be
easy to attest that due care is being taken of the information they hold -
never mind any higher levels of assurance that may be required.

I did not discover the forensic science service as being 27001 certified,
although they have 9001.

http://www.bsigroup.com/en/Assessment-and-certification-services/Client-directory/CertificateClient-Directory-Search-Results/?pg=1&licencenumber=FS+24279&searchkey=companyXeqXforensic
BR
Mark