The Knowsley Community Tradenet project has been recommended to receive registration to British Standard 7799.

It is an Information Security Management System that provides a well-proven framework to initiate, implement, maintain and manage information within an organization and help them manage their inherent vulnerability to Information Security issues.

This Information Security Management System is a series of documents such as a Risk Assessment (which rates the likelihood of the Integrity, Confidentiality and Availability of infrastructure such as laptops or network cabling being compromised) and an Information Security Member Policy (which every member of the team is expected to sign and which outlines things such as the process of reporting Information Security ‘incidents’ and the necessity of a ‘clear screen policy’ to protect data).

The Knowsley Community Tradenet team was assessed by auditors from the British Standards Institute across two days. Phase 1 of the assessment looked at the Information Security Management System in theory, examining the reasoning behind it and ensuring that there were no gaps or weak points that could be exploited. Phase 2 involved a ‘walk round’ of the Computer Centre in Huyton, home of the Tradenet project, looking at the Information Security Management System in practice and seeing how it was implemented on a day to day basis.

Both sets of auditors raised no non-conformities with British Standard 7799 and commented that

“The general implementation of the risk treatment plan can be considered as comprehensive and although the actual service is small in scope the overall Information Technology security within the supporting service is predominantly in place.”

Achieving the standard has involved eighteen months of work. Knowsley Community Tradenet is part of Knowsley Metropolitan Borough Council and is only the second local authority organisation (along with Caerphilly County Borough Council) to receive recommendation.