Acuity users can view, control and manage their compliance in real time against the leading ISF Standard of Good Practice
21 May 2009: The Information Security Forum (ISF) has signed an Intellectual Property (IP) licensing agreement with Acuity Risk Management, to integrate the ISF Standard of Good Practice for Information Security (the Standard) into Acuity’s STREAM risk and compliance management software.
As a result of the agreement, any users of STREAM will be able to view, control and manage their compliance in real time against the Standard as well as against other international standards such as ISO 27002 and COBIT.
With over 20 years' experience and a global membership of 300 major companies and public sector bodies, the ISF is recognised as the world’s leading independent authority on information security. To date, the ISF has invested over US$100 million in developing advanced information risk methodologies and benchmarking tools and has produced more than 400 authoritative reports that are free to its Members.
The agreement with Acuity marks a significant move to make ISF intellectual property more readily available. “We believe that integrating ISF IP into industry leading products such as Acuity’s STREAM will provide a range of important benefits to both ISF Members and non-Members and increase adoption of the ISF Standard of Good Practice,” said Prof. Howard A. Schmidt, President and CEO of the ISF.
Commenting on the agreement, Acuity’s Managing Director, Simon Marvell said: “For the first time, CISOs will have access to the ISF’s information security standard delivered through a tool they can use every day and in real-time to see their enterprise’s risk and compliance position. This is the start of an exceptionally important relationship for Acuity and we are excited about working with the Information Security Forum and its Member organisations.”
The Standard is based upon the results of an extensive work programme and the analysis and integration of other information security-related standards such as ISO 27002 and COBIT v4.1. It also embraces legal and regulatory requirements including the Sarbanes-Oxley Act 2002, Payment Card Industry (PCI) Data Security Standard, Basel II 1998, and the EU Directive on Data Protection.
Updates of the Standard draw on input from ISF Members through workshops, meetings and also the results of the ISF’s Benchmark Service.
The Standard provides key objectives and a clear overview of the practical measures and activities needed to keep information risks under control across key sections, from security management, critical business applications, computer installations, networks and systems development to end user environment. It covers the full scope of information security, including important areas ranging from outsourcing, privacy, compliance and information risk analysis to wireless communications, portable storage devices and critical desktop applications such as spreadsheets.
“By working with ISF IP Licensees such as Acuity, we believe that we can truly harness the full power of ISF Standards, Methodologies and Tools, which are widely recognised to be the best in the world,” said Howard Schmidt.
He added: “The move to commercialise ISF IP reflects a major milestone in the development of our organisation and is one of the new foundations that will provide a strong platform for the ongoing international expansion and influence of the ISF.”