IT&T SECURITY FORUM


CERTIFICATION FORUM OF AUSTRALIA

CIRCULAR NO 529/99                                              
  28 October 1999

New certification Scheme 

You may or may not be aware that Standards Australia at the request of
industry stakeholders is setting up a certification scheme for AS/NZS
4444. For those who are not familiar with AS/NZS 4444 it is an
information security management standard based on a very popular British
standard - BS 7799. The standard takes a risk management approach to
protecting the integrity and security of an organisations information
assets. More details regarding the standard and certification system can
be found in the 'fact sheet' accompanying this message.



Key benefits 

The UK have already set up a successful certification system called
c:cure. The Australian scheme would leverage of the c:cure scheme and
work towards international recognition for certificates issued in
Australia. The scheme will have the core benefit of helping organisations
protect their valuable information resources using internationally
recognised industry best practice. Another benefit is developing high
levels of trust in e-commerce business-to-business,
business-to-government and business-to-consumer transactions. This will
act as an enabler of e-commerce and assist in protecting Australia's
information infrastructure. 


Action required 

To progress the scheme to the next step Standards Australia is required
to submit to the JAS-ANZ Board a business plan quantifying the
opportunities and threats of an Australian scheme to AS/NZS 4444. JAS-ANZ
will then be able to develop an accreditation system for the scheme. To
supply JAS-ANZ with a realistic plan we have developed brief survey that
is attached to this message. We would appreciate you completing the
survey or passing it on to the appropriate person in your organisation to
complete. The information supplied will not create any obligations, it is
for the purposes of providing indicative figures only. Please return
completed surveys by email to Mark Bezzina <Mark.Bezzina@standards.com.au>.

The JAS-ANZ Board meets for the last time this year on 25 November 1999,
so we will need to get all replies by 10 November 1999. Any data supplied
will be treated as confidential (if marked as such) and will only be
supplied to JAS-ANZ at a high level of aggregation. 


Need more information? 


Call Me on 0413 101 096. 


Thanks for taking the time to contribute to the development of the AS/NZS
4444 certification scheme. I look forward to your response.

Mark Bezzina