Information Security: Applying ISO27001 and risk assessment to records management
Information and records are valuable resources within organisations that need to be protected. Many organisations focus on the protection of their electronic information assets against the risks of loss, misuse, disclosure or corruption. This process is commonly referred to as information security management.
Information security management enables the sharing of information in a manner that ensures the appropriate protection of that information. Risk assessment and management, continuity planning and disaster recovery programmes should all form a part of any information security management system. The aim is to protect information from a wide range of threats in order to:
- minimise the impact of a security breach;
- safeguard the accuracy and completeness of information;
- ensure that information is accessible only to those authorised to have access;
- ensure that authorised users have access to information as, and when, required;
- maximise return on investments and business opportunities.
Good information security is essential for implementing successful records management. In this workshop, Richard Jeffrey-Cook looks at ISO 27001, the international standard for information security management systems. He will demonstrate how the controls that are applied for information security can be adapted to information management.
ISO 27001 requires a risk management approach to be adopted to determine the priorities for planning information security improvements and deciding what level of resources should be deployed. This session demonstrates how the same approach can be used to justify an information management strategy and to help build the business case for records management improvements.
Jeffrey-Cook.pdf (.pdf, 102.3 KB)
Richard Jeffrey-Cook, In-Form Consult Ltd
Richard Jeffrey-Cook is a Director of In-Form Consult Ltd. Richard has over 20 years of experience implementing IT solutions for both public sector and private sector organisations and has supplied information management consultancy to, and implemented systems on behalf of, organisations including...
Related sessions
- What can we learn from Records Management within the University sector?
- Information Security: Disaster Recovery - Lessons Learned following a fire at an office at Stirling Council
- Records Management and Change: The Fun Bit - Changing Behaviours
- Your money and your life
- What we can learn from the private sector? (Oil and Gas)
- Records Management in the NHS - Opportunities and threats in the Information Governance agenda
- What can we learn from the Health sector?
- What can we learn from local government?
- Fundamentals of Getting Comfortable with Effective Public Speaking
- Living the Dream - the pleasures and pains of life as a self-employed Information Management Consultant
- What is it like being a records management consultant?

