Information Security magazine

March 2002

How ISO 17799 certification helped St. Jude Medical formalize security

When David Stacy became the global IT security manager at St. Jude Medical, he faced the daunting task of drafting and implementing the company's first InfoSec policy. To get his arms around what needed to be done, he turned to ISO 17799.

"We decided that we needed a policy, or a set of policies, and then we needed standards," says Stacy. "Our interpretation of [ISO 17799] is the policy expresses management's intent. It's very high level that's intended to have a long life for practices. It's kind of like motherhood and apple pie; you don't expect them to change over time."

A $1.4 billion medical equipment manufacturer with operations around the globe, St. Jude is highly dependent on its computer resources. From the outset, Stacy knew ISO 17799 wouldn't provide him everything he needed to build a security policy for such a large organization. However, it proved a valuable tool for crafting a policy that set the security expectations for his company's 3,500 computer users.

"In approaching that task, I asked: How are we going to ...
