Dubai Holding awarded ISO/IEC 27001:2005

DUBAI, 6 February 2007: Dubai Holding has been certified for ISO/IEC 27001:2005, the ultimate recognition for Information Security, following an audit conducted by BSI Management Systems.

ISO/IEC 27001:2005 (formerly BS 7799-2:2002) is a standard setting out the requirements for an Information Security Management System. It helps identify, manage and minimise the range of threats to which information is regularly subjected. The standard is designed to ensure the selection of adequate and proportionate security controls that protect information assets and provide confidence to interested parties, including an organisation's customers.

Sabri Hamed Al Azazi, Chief Information Officer of Dubai Holding, said: "Dubai Holding regards Information Security as a business enabler, and by focusing on this aspect of the business, our intention is to protect the interests of all stakeholders. The ISO/IEC 27001 endorses our systematic approach to Information Security, while reiterating our commitment to international standards of excellence."

"Dubai Holding's mission is to develop diverse and mega infrastructure and investment projects in Dubai, as well as plan and execute similar projects in the future. Following global best practices in ISMS is of vital importance. ISO/IEC 27001 will give us the competitive edge to move ahead with confidence."

ISO/IEC 27001 certification involves a two-stage audit process. The first step is a 'table top' review of the existence and completeness of key documentation such as the Security Policy, Statement of Applicability, and Information Security Management System (ISMS). The second stage is a detailed, in-depth audit involving testing the existence and effectiveness of the controls as well as their supporting documentation. Certification involves periodic reviews to confirm that the ISMS continues to be operated as intended.

Mohamed Sabah Mohamed, Director of Information Security, Dubai Holding, said: "Certification of an organisation's Information Security Management System, against ISO/IEC 27001, is an endorsement that the organisation is fully equipped to prevent computer-assisted fraud, sabotage and viruses, and is protected against any vital information being accessed without authority, or corrupted."

ISO/IEC 27001 simply means the certified organisation takes information security very seriously, for the benefit of trading partners and customers alike. As Dubai Holding directs some of the most important projects and initiatives in the region, ISO/IEC 27001 will strengthen the credibility to its business model.
The certification will also increase customer confidence in Dubai Holding, with most international invitations to tender insist on ISO/IEC 27001 compliance.

Further, protection against security breaches would mean considerable savings, as such incidents involve huge costs. Other benefits include legal compliance demonstrating the organisation observes all applicable laws; better knowledge of information systems; employee awareness of security issues and scope for continual improvement.

Dubai Holding's IT division controls Information Security across all its entities, including companies operating in diverse sectors ranging from health, technology, finance, real estate, education, tourism, to energy, communication, industry, biotechnology and hospitality.

Information security is the protection of information to ensure confidentiality, integrity and availability of information to authorised users. It is achieved by applying controls such as policies, processes, procedures, organisational structures, and software and hardware functions.