!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
Imagine if any of the assets below were to fall into ‘the wrong hands’ and it is very easy to see why we take your assets so seriously! We therefore offer our clients intensive training in these areas as part of due process.
Next Sale auction numbers
Auction computer system
Customer credit card details
Physical auction equipment
Customer Bid details
Post sale transaction details
Therefore as part of our commitment to the continuous improvement of the assets we have gained the Security & Quality Standard known as BS 7799 successfully implemented an “Information Security Management System”.
The objective of information security is to ensure business continuity and minimise business damage by preventing & minimising the impact of security incidents.
BS7799 sets out a systematic process whereby company information assets are first identified and then a risk assessment carried out on those assets. Information assets can include the obvious (e.g. Computers) but also the not so obvious (e.g. People).
Once the risk assessment is carried out the company can decide what residual level of risk is deemed to be acceptable. Any assets displaying risks above that level are therefore singled out for treatment to remedy the situation. The objective is to ensure that all the identified information assets are brought beneath that threshold and remain there.
The following steps must be adhered to:
● Creation of ISMS Policy
● Identification of Assets
● Risk Assessment of Assets
● Risk Treatment Plan
● Identification of Controlled Objectives
● Creation of Operational & Contingency Procedures
● Staff Training
● Monitoring and Review