New ISO/IEC 27040 – Security for Data Storage

There’s a new document meant to help all of you challenged by keeping stored data secure in an ever changing IT environment.  It’s ISO/IEC 27040, “Information technology – Security techniques – Storage security,” and it’s available now from Document Center Inc.  You can get a copy in paper format, for pdf download or as part of our multi-user Standards Online subscription service.  The document is a set of guidelines for any organization’s storage security, particularly in meeting the requirements of ISO/IEC 27001 for ISMS (Information Security Management System).

Who should be using this standard?  Any IT manager and staff who are tasked with assessing the risk of data breaches and providing the organization with robust storage security controls.  You may even find it helpful when working with third parties.  And if you’re in the process of implementing ISO/IEC 27002, “Information technology – Security techniques – Code of practice for information security controls,” you’ll be able to use the extended guidance this standard provides with regards to your data storage concerns.

What is addressed in ISO/IEC 27040?  The standard is a detailed guide to how organizations can define an appropriate level of risk mitigation using a well-proven and consistent approach to all phases of securing data.  This includes planning, documentation, and implementation issues.  And it covers a variety of devices and media as well as the entire life-cycle of information and the applicable storage devices.

The 118-page document is technical in nature, but still can be used by non-technical personnel.  It will provide you with an overview of the topic and concepts.  It will show you what threats, design and control aspects are associated with typical storage scenarios.  And it will help you understand the relationship of this standard to other documents appropriate to the issue of data storage.

Not only does ISO/IEC 27040 cover the basics but it also gives you a lengthy review of a multitude of storage control tools and architectures.  Clause 7 then reviews how to design and implement your storage security strategy with specific guidance on:

  • Storage security design principles,
  • Data reliability, availability, and resilience,
  • Data retention,
  • Data confidentiality and integrity,
  • Virtualization, and
  • Design and implementation considerations.

The standard is completed by the inclusion of 3 Annexes, one for media sanitization, one for selecting appropriate storage security controls, and one on important security concepts.  A 75-item Bibliography completes the document.

If you are directly responsible for the security of data in your organization or manage those who are, you owe it to yourself and your organization to review this document.  You can easily order it at the Document Center Inc. webstore at www.document-center.com.  Or you can contact our staff by phone (650-591-7600), fax (650-591-7617) or email (info@document-center.com).  We’ve been working with folks like you to promote quality, health and safety, and engineering excellence through the use of standards since 1982.  Make us your Standards Experts!

Published by

Claudia Bach

Claudia Bach is the President of Document Center Inc. and a world-wide recognized expert on Standards and Standards Distribution. You can connect with her on Google+
