
ISO27001 Experts Can Help Companies Meet Stringent Californian Information Security Legislation With Comprehensive Toolkit

Press Releases - 3rd October 2008

Ely, England, October 3, 2008 — Independent UK security experts IT Governance, the world’s leading specialist publisher of books and tools for ISO27001/27002 implementation, have adapted their best-selling information security toolkit so that it will work specifically for the California SB-1386 compliance regulation. The toolkit helps organisations apply recognised best practice to protect themselves from the consequences of a data breach. The need for such guidance is particularly acute in today’s increasingly dangerous online world.

This legislation deals with the security of personal information and is applicable to all organisations (state/government agencies, non-profit, companies of all sizes, regardless of geographic location, so UK firms too) holding personal data on any person living in California. SB-1386 requires such information holders to disclose any unauthorised access of computerised data files containing personal information.

In response, IT Governance’s comprehensive SB-1386 & ISO27002 Implementation Toolkit is specifically designed by experts in data compliance legislation to guide organisations on how to conform to SB-1386. The toolkit conforms to ISO27002 and, if desired, also helps organisations prepare for any external certification process that would demonstrate conformance with such a standard. The State of California has itself formally adopted ISO/IEC 27002 as its standard for information security and recommended that organisations use this standard as guidance in their efforts to comply with California law.

Available through IT Governance’s specialist information security compliance website, the toolkit is available on a standalone basis or as part of a comprehensive suite that includes vsRisk™ and ISO27002 itself. It comprises:

  • The ‘SB-1386 Documentation Toolkit’, a download with nearly 400 densely-packed pages of fit-for-purpose policies and procedures ensuring full compliance with SB-1386.
  • ‘International IT Governance: An Executive Guide to ISO 17799/ISO 27001’ (Soft Cover), the US version of the long-established world-leading manual on designing and implementing an Information Security Management System (ISMS) in line with the best-practice guidance of ISO27001/ISO17799.
  • ‘vsRisk™- the Definitive ISO 27001: 2005-Compliant Information Security Risk Assessment Tool’, which automates and delivers an ISO/IEC 27001-compliant risk assessment and can assess confidentiality, integrity and availability for each of business, legal and contractual aspects of information assets – as required by ISO 27001. Providing a comprehensive best-practice alignment, it supports ISO 27001 and 27002 (ISO/IEC 17799) disciplines, and is ISO/IEC 27005 and NIST SP 800-30 compliant. It also offers a wizard-based approach that simplifies and accelerates the risk assessment process, plus integrates and regularly updates BS7799-3 compliant threat and vulnerability databases.
  • Finally, an electronic copy of the ‘Information Security Standard ISO/IEC 27002’ (formerly ISO 17799) is included.

“Adhering to the Californian Senate Bill 1386 is crucial for any organisation dealing with the personal information of individuals based in California,” says Alan Calder, Chief Executive of IT Governance. “Failure to comply by not informing individuals when their personal information has been compromised, or even if a suspected breach has taken place, can have catastrophic consequences on your ability to operate in one of the most important global economic areas.

“The toolkit gives managers the background and insight they need to protect against data breaches. With our increasing interconnectedness, this is more critical than ever.”

The SB-1386 & ISO27002 Implementation Toolkit is priced at $3,139.90 and can be downloaded from
IT Governance Ltd is the one-stop shop for books, tools, training and consultancy for Governance, Risk Management and Compliance and is a leading authority on data security and IT governance for business and the public sector. IT Governance takes a firmly ‘non-geek’ approach, dealing with IT issues from a non-technology background and talking to management in its own language. Its customer base spans Europe, the Americas, the Middle East and Asia. More information is available at


California Senate Bill 1386 (SB-1386), also known as the California Security Breach Information Act, is a Californian State law which came into effect on July 1st 2003. It has specific and restrictive privacy breach reporting requirements. SB-1386 requires companies that collect and hold personal information on Californian residents – whether customers, employees, or individuals involved in some facet of the business – to notify each person on their database immediately should an information security breach occur or be suspected. (Encrypted data is excluded from this requirement.)