Alan Calder on IT Governance, information security & ISO 27001

One of the most worrying things I encounter time and again is how seldom growing businesses have proper disaster recovery plans in place. Statistically, few businesses that suffer a major data loss or business interruption survive for more than a year afterwards, and small businesses are the most vulnerable as they simply don´t have the resources to bounce back.

The issue for business owners, and also senior executives from larger enterprises, is usually a lack of time to learn about the subject from scratch. People know it is important, but as they don´t know where to start they procrastinate – which is fine until one morning their business is on the line.

I´m pleased to say that we have just launched a new book that I really believe could come to the rescue of such companies. ‘Disaster Recovery & Business Continuity’ is written specifically as a quick guide for small businesses and time poor executives who need to master the key facts in a hurry. It summarises best practice in a clear and jargon-free manner, meaning that readers can quickly get the right measures implemented in their own business.

Each of its 16 chapters is written in a Question & Answer format with real world examples providing helpful illustration throughout. Further resources are provided in the appendices, including templates, checklists and information on training. The book’s contents are applicable to organisations based anywhere in the world.

The book is priced at just £29.95/US$59.25/€44.52 and is available online here and in leading bookshops. It is considerably cheaper than a full scale business interruption, so there can be no excuses for not getting your house in order at last!

The recently launched ‘Aligning Cobit, ITIL and ISO 17799 for Business Benefit‘ is a welcome step toward making IT governance more usable for most organizations. There has long been confusion over which of these three frameworks is really an IT governance framework; for an equal length of time, the answer has been that each is a component of such a framework, as I proposed in IT Governance Today: a Practitioner’s Handbook earlier this year.

While I’m delighed at this progress, there is (as I’ve already argued) further still to go in integrating and simplifying IT governance frameworks, and I will be taking this further in the 2nd edition of the Practitioner’s Handbook when it is published early next year.

ISO 27001 finally made its debut last week – in fact, a bit earlier than many were expecting. However, I’m pleased to say that we were ready to go with our new books and toolkit, which were all launched straightaway. ‘The Case for ISO 27001‘ is an eBook we have written for non-technical directors and managers to help explain why information security is a C-Suite responsibility, and how the new standard meets the needs of corporate IT infrastructure, information risk and regulatory compliance. ‘Nine Steps to Success – an ISO 27001 Implementation Overview’ eBook is a practical guide for IT security project managers – it provides a rigorous approach to enable compliance and certification to be achieved efficiently. To help the whole process happen, we’ve also launched an ‘ISO 27001 Toolkit’ (based on our popular BS 7799 Toolkit), which is a comprehensive ‘do-it-yourself’ programme for achieving ISO 27001 compliance without calling in expensive consultants. If you’re interested, you can check them out and buy online at www.itgovernance.co.uk/bs7799.aspx.