Compliance programmes Standard – Standards launch, upcoming events, and interest from a number of different sectors
As advised in the May issue of Touchstone, Standards New Zealand has published NZS/AS 3806 – a Compliance programmes Standard. NZS/AS 3806:2006 is a modified adoption of the Australian Standard AS 3806, with a New Zealand-only amendment so it is suitable for use in New Zealand.
'The Compliance programmes Standard is at the core of everything we do in practising compliance,' says Martin Tolar, Chief Executive Officer of the Australasian Compliance Institute, which sponsored the adoption in New Zealand.
'It's been really interesting to see the diversity of interest in the Standard. We've had enquiries from people based in Singapore and Hong Kong, as well as in Australia and New Zealand. These people are glad that the Standard is now a joint New Zealand/Australian Standard as it is a step towards the creation of an international Standard, which is essential as more organisations seek to harmonise compliance frameworks across international jurisdictions. Looking closer to home, the creation of a joint Standard makes sense given the amount of trans-Tasman trade that takes place each year.'
Information security management systems – new international Standard
More and more organisations are implementing information security management systems (ISMS) as part of their risk management strategy. ISO/IEC 27000:2009, Information technology – Security techniques – Information security management systems – Overview and vocabulary, gives an overview of ISMS.
ISO/IEC 27000 provides an introduction to information security management and defines related terms. It applies to all types and sizes of organisations, for example, commercial enterprises, government agencies, and non-profit organisations. It helps organisations to understand the fundamentals, principles, and concepts to improve protection of their information assets.
Edward Humphreys, convenor of the working group that developed the Standard, comments: 'Standardised security techniques are becoming mandatory requirements for e-commerce, health-care, telecoms, automotive, and many other application areas – in both the commercial and government sectors. ISO/IEC 27000:2009 aims to assist organisations more effectively achieve an appropriate level of information security.'
→ Buy ISO/IEC 27000:2009, Information technology – Security techniques – Information security management systems – Overview and vocabulary
→ Buy AS/NZS ISO/IEC 27001:2006 Information technology – Security techniques – Information security management systems – Requirements
→ Buy AS/NZS ISO/IEC 27002:2006 Information technology – Security techniques – Code of practice for information management