The advantages of compliance to the SANS/ISO 17799 Standard


  1. Reduce the risk of losing valuable company information and giving your
    competitors an unfair advantage.

  2. Reduce the legal risks associated with information technology:

    a. Delictual liability for loss of third-party or personal information.
    b. Control the liabilities associated with employee behavior, including
    inadvertent contracting and inappropriate use of Web-based resources.
    c. Show best practice when confronted with claims for vicarious liability
    for employee behavior, for example employees using unlicensed software, employees
    breaching copyright or employees engaging in illegal file-sharing activities.
    d. Delictual liability for loss caused to third parties by malicious software
    or similar.
    e. Ensure policies are in place for disciplining employees for inappropriate
    behavior with respect to information technology.
    f. Ensure you have contractual controls to stop cyber crime and information
    theft.
    g. Ensure you have contractual controls over third parties who may have access
    to your systems.
    h. Reduce the risk of embarrassing or defamatory company information being
    leaked.

  3. Show "corporate good governance", specifically with reference
    to the King 2 report, where information security was outlined as a management
    or board responsibility.

  4. Ensure that all electronic data is stored in your systems in such a way
    that it can be used for evidential purposes, either in litigation or with respect
    to employment disputes (in terms of the Electronic Communications and Transactions
    Act 25 of 2002).

  5. Ensure that all company records are stored so as to comply with the requirements
    of various legislation, such as the Companies Act (document retention and
    management).

  6. Ensure the company complies with the (provisional) Data Protection Bill,
    which should be enacted later this year.

  7. Give the company a comparative advantage when supplying to organisations
    or companies that also wish to comply with information security standards.
    This is specifically relevant to parties wishing to supply to the South African
    Government and all Government Departments, as Government has made a commitment
    to compliance with this standard.

  8. Give the company a comparative advantage when dealing with European-based
    companies, because the European Directive on Data Protection states that
    such companies may only outsource data processing involving personal
    information or similar to companies that can show "adequate security".

  9. Reduce the risk of data corruption or "incorrect data input",
    which could lead to company embarrassment, poor customer service or potential
    litigation.

  10. Ensure that adequate disaster recovery mechanisms have been put in place,
    and show "best practice" with regard to limiting liability towards
    third parties should a disaster occur.

  11. Ensure that all legal obligations in this area are adequately complied with.

  12. Ensure that Information Security Management is practised throughout the
    company, and in a holistic manner, including physical security,
    personnel security, IT security and so forth.
08 Sep 2004
This article is intended to provide general guidance and does not constitute professional advice relating to specific instances. Should you wish to place any reliance on the information presented in this article we strongly advise that you consult your legal advisor or the Electronic Law Consultancy - info@e-lawconsultancy.co.za