Federal Reserve Bank of New York’s National Incident Response Team Becomes First in North America to Achieve Iso 27001 Certification for Information Security Best Practices


Press Release

May 15, 2006
Princeton, New Jersey

Churchill & Harriman Engaged for Pre-Certification Consulting

PRINCETON, NJ, May 15, 2006 – Churchill&Harriman (C&H), experts in risk assessment and mitigation services for more than a decade, announced a major milestone in information security: Its client, the Federal Reserve Bank of New York, is the first organization in North America to be certified to the new ISO/IEC 27001:2005 information security standard. C&H provided strategic implementation advice and documentation consulting for the Bank that preceded the certification.

C&H, a recognized leader in the international standards community, earned the distinction of being the first approved ISO 27001 and BS 25999 Associate Consultancy by a leading global Registrar. C&H is also a Leadership Team Member and certified Member Implementation Partner of the Secure Access For Everyone (SAFE)-BioPharma Association. SAFE delivers unique electronic identity credentials for legally enforceable and regulatory-compliant digital signatures across the global bio-pharmaceutical environment.

“The Federal Reserve Bank of New York is leading by example, and it will undoubtedly be the first in a tidal wave of U.S. organizations seeking independent, third-party verification of their information security management systems,” said Ken Peterson, chairman and CEO of C&H. “The significance of this milestone cannot be overstated.”

“The Bank recognized that certification to ISO 27001 would validate, enhance and acknowledge the security best practices already in place. The leadership and commitment of the project team was outstanding,” said Barry Kouns, lead C&H consultant on the engagement.

In the U.S., the regulatory and compliance requirements imposed by the Gramm-Leach-Bliley Act (GLBA), the Health Insurance Portability and Accountability Act (HIPAA), the Sarbanes-Oxley Act (SOX), and the Federal Information Security Management Act, among others, are all best met through the development of an ISMS (Information Security Management System) that is integrated, comprehensive and incorporates widely recognized best practices. ISO 27001 certification is an essential step toward effecting and demonstrating compliance with both current and future legislation.

About ISO/IEC 27001:2005

In July 2005, the British Standard, BS 7799-2:2002, was updated and released as a final draft standard in support of the June 2005 update to ISO/IEC 27001. On October 15, 2005, the International Organization for Standardization (ISO) released the final version of the standard as ISO/IEC 27001:2005. ISO 27001 is the formal standard against which organizations may seek independent certification of their Information Security Management Systems, meaning their framework to design, implement, manage, maintain and enforce information security processes and controls systematically and consistently throughout the organizations. The final version of ISO 27001:2005 is available now from ISO or BSI. More information is available at www.iso.org, www.bsiamericas.com and www.xisec.com.

About C&H

Founded in 1986, Churchill & Harriman (C&H) has been a leader in information technology consulting and experts in risk mitigation for over two decades. C&H serves Fortune 500 companies in the financial, life sciences, insurance, manufacturing and education sectors along with government entities. C&H has hands-on experience in leading both large and small organizations through the ISO/IEC 27001:2005 compliance and certification process. C&H also has a proven methodology to assist BS 7799-2:2002 certified organizations to upgrade to ISO 27001:2005. With expertise in information security, regulatory compliance, privacy and standards, C&H helps clients develop and implement controls and procedures that identify, value, and mitigate business risk. C&H also delivers compliance tools and training and communications support to help clients incorporate risk mitigation into everyday strategy.

Press Contact:

Churchill & Harriman
Email: info@chus.com