Every issue of The ISO17799 Newsletter features at least one TRUE story of an information security breach and its consequences:

1) The 'Perfect' Business Continuity Plan

Yes, we have published this one previously - but it is our favorite true story!

A major financial institution took pride in its business continuity planning, and had in place what it considered to be a comprehensive plan of the highest quality. Indeed, the plan itself had been fully tested only days prior to the fateful incident.

On a quiet Sunday afternoon, the tranquility was disturbed by a large explosion in their main office block in the center of a large city. It was not a bomb or terrorist incident, but a serious gas explosion.

The company confidently swung the BCP into full effect, almost as quickly as the media hit town, only to discover immediately something that the plan, as good as it was, had overlooked! The streets were full of paper from the office, containing a wide variety of confidential customer information. Sensitive data was lying around for any passerby or observer to simply pick up and read.

For all the planning and testing, a single security lapse had cost them dear, as this aspect of the incident was reported again and again.

The moral of the story is of course that the office clean desk policy, and the policy on secure filing of confidential data, can actually prove to be extremely important!

The link for this article located at OSI is no longer available.