Alan Calder on IT Governance, information security & ISO 27001

Any organization based or operating in the United States needs to be prepared for possible lawsuits. Under the recently amended Federal Rules of Civil Procedure organizations face tough new requirements for preserving their electronically stored information, such as email and word-processingdocuments, so that it can swiftly be produced in the event of a lawsuit. However, even though legal demands are common for larger organizations, it appears that very few are ready for these new E-Discovery rules, leaving the majority open to costly fines and adverse rulings.

According to ESG Research, 91 percent of organizations with over 20,000 employees have been through an E-Discovery event in the past 12 months. However, amazingly, a recent survey of corporate attorneys by Pike and Fisher revealed that only 7 percent feel that their companies are ready to meet these new requirements.

Therefore, to help corporations adapt to the new requirements, we called on Bradley J Schaufenbuel, senior manager in IT Risk and Security at Zurich Financial Services in Illinois, to write ‘E-Discovery and the Federal Rules of Civil Procedure’ as the latest in our series of Practical IT Governance pocketguides. Over 68 pages, he provides an easily absorbed account of the background and detailsof the new rules and explains what organizations must do immediately to ready themselves for possible future lawsuits. It’s a must for any US organization preparing for the stark realities of life.The book is priced at $29.95 and in softback hard copy and may be ordered for shipping here; alternatively, an e-book version may be purchased for immediate download here.

Businesses and organisations operating within the United States face particular challenges when it comes to regulatory demands. This is keenly felt in the area of information security, where it is necessary to satisfy a complex web of regulations. ISO 27001 is something of a magic bullet for many of these demands, and the US has seen rapidly building interest in the new standard. To meet the need for information on this topic we have just launched www.27001.com, a new website that is specifically tailored to the United States and provides a one-stop-shop for all the key ISO27001/ISO17799 standards, books and tools currently available.

Through www.27001.com organisations can find out how an ISO27001 ISMS works with ISO17799 to help them meet their business needs for cost-effective information security, while at the same time meeting their information-related regulatory compliance objectives and preparing them for new and emerging regulations. US regulatory requirements currently addressed by the site include HIPAA, GLBA, SB 1386 and other State breach laws, PIPEDA, FISMA and EU Safe Harbor regulations.

We have aimed to make the site the Neiman Marcus of IT governance and security. It showcases the very best products and services currently available, including works by the most respected industry thinkers as well as uniquely focused products developed by us. Whether you need C-Suite guides to the regulatory landscape, or highly practical guides for project managers, it is all available in a single place.