Keep Data Safe

An organization’s data is often its most valuable asset. Keeping it stored safely and effectively is increasingly a commercial and legal imperative. However, the process of managing it can be complex, covering not only how it is stored, but how to access it securely and communicate it across a wide range of media and devices.

Securely storing and protecting data requires a lot more than a simple back up. A new standard for data storage security ensures your valuable information stays in safe hands.

ISO 27040:2015 Information technology – Security techniques – Storage security

The new ISO 27040 standard provides detailed technical guidance on how organizations can define an appropriate level of risk mitigation by employing a well-proven and consistent approach to the planning, design, documentation, and implementation of data storage security. Storage security applies to the protection of information where it is stored and to the security of the information being transferred across the communication links associated with storage.

Storage security includes the security of devices and media, the security of management activities related to the devices and media, the security of applications and services, and security relevant to end-users during the lifetime of devices and media and after end of use.

ISO 27040:2015 provides an overview of storage security concepts and related definitions. It includes guidance on the threat, design, and control aspects associated with typical storage scenarios and storage technology areas. In addition, it provides references to other International Standards and technical reports that address existing practices and techniques that can be applied to storage security.

Storage security is relevant to anyone involved in owning, operating, or using data storage devices, media, and networks. You can order the standard at this ANSI web page or at this ISO web page.

This article was based on information at the ISO web site about ISO 27040:2015.