Energy, the Environment & Cyber Security
Exploring the Role of Energy in an Environmental Management System and Resulting Information Security Risks.
Introduction
This series of blogs will help organisations achieve and maintain certification to ISO 27001 and ISO 14001.
AvISO Consultancy and Assent Risk Management are working together to write a series of blogs that consider how implementing energy efficiency initiatives as part of an ISO 14001 certified Environmental Management System (EMS) can also have implications for your ISO 27001 Information Security Management System (ISMS).
Over a series of 10 blogs, we will address energy in relation to some of the key clauses of ISO 14001:2015 and show how the new Annex SL Common Clause Structure can be used to manage the cyber and information security risks (and opportunities) that result.
- Assess the Aspects and Impacts for Energy Use in a Business
- How to Dispose of IT Assets
- ISO 14001: Energy and Legal Compliance
- Information Security Laws in the UK
- How to Monitor and Measure Energy as Part of an Environmental Management System
- Risks & Benefits of Network Connected Devices & Supporting
- What’s next: Continual Improvement & ISO 50001
- What’s next: Continual Improvement & ISO 27001
Overview
Energy use is a key concern of many businesses.
Whether the objective is to reduce running costs or become more environmentally sustainable, organisations can usually take some action such as:
- Choosing a better energy supplier;
- Maximising the efficiency of processes;
- Improved management of air-conditioning systems; or
- Simply switching things off when they are not being used.
In fact, energy is often the area where a business has the most influence and, as such, it is likely to be determined as one of the significant environmental aspects in an ISO 14001:2015 system.
One of the most critical business functions reliant on a sustainable and reliable energy supply is I.T. In fact, the way an organisation manages its energy can have an impact across the Confidentiality, Integrity and Availability of its information assets.
Energy is required to power and protect I.T equipment, often affecting how long an I.T asset remains in service. At its End-of-Life, the way I.T equipment is processed and disposed of has potential consequences for the Environment and Information Security.
Both sustainability and cyber security are strong features of the UK Legislative agenda, and ISO Management Systems can be used to support compliance in both areas. We’ll look at common legal obligations placed on businesses and how they can be addressed.
One of the most important quotes in business management is:
"If you can't measure it, you can't improve it" (Peter Drucker)
Smart devices are becoming a common way to support energy initiatives, by measuring energy and monitoring user habits, but often these devices are connected to your network, presenting a security threat that could go unidentified.
Finally, since Deming’s Plan, Do, Check, Act cycle, continual improvement is the overriding objective of any management system, and we’ll look at how you can achieve this in the long term.
The following series of blogs will look at this relationship in more detail, considering how energy, the environment and technology interplay to both complement and oppose one another.
Please make sure you follow the other blogs in the series to find out more about Energy, the Environment and Information Security.
Guest Blog by Robert Clements
From Assent Risk Management – Part of a series by Assent Risk Management and AvISO Consultancy