There is no shortage of technology designed to protect electronic information (virus checkers, encryption, firewalls, data back-up tools, password protection etc).
But how do you know whether it is being applied correctly and works effectively? This is a management rather than a technical issue. For example, access to an organisation’s computer systems is normally controlled by username and password. However this precaution is pointless if a staff member chooses a password which is easily guessed or keeps a note of it on a pad next to the PC.
Security needs to be part of everyone’s everyday thinking, just like quality. The way to achieve this is to include information security within the scope of the organisation’s overall management system, as described on the Pondergrove main site.