BVQI, an independent certification body, is hoping that 20 to 30 companies apply for certification by the end of this year and 100 companies by the end of 2007.

Teeradej Wibulpattanawong, lead assessor for BVQI (Thailand) Ltd, said companies that deal with bulk information - such as financial institutions, banks, insurance companies, hospitals, and some government agencies - would

benefit most from the new standard.

The standard is designed to help them develop and regiment their management procedures to include comprehensive data-management practices, and provide strategic and tactical direction for assessing, measuring, and preventing security threats through sound risk-management practices.

He said the certification was based on part two of the original British Standard BS7799. The British standard has two divisions, BS7799-1 and BS7799-2. The former was changed to ISO 17799, and BS7799-2 will become ISO 27001.

The advantage of ISO 27001: 2005 over the previous ISO version is that it provides a clear framework for companies on what they have to change to become the best in what they do. The new standard contains 131 requirements which have to be met for certification. Previous versions didn't require companies to meet all requirements.

Those companies dealing with bulk information require using various technologies to manage work and their information management systems need to be upgraded constantly. Using the new version allows the companies to invest in new technologies properly for maximising their usage.

Teeradej said the weak point of many companies in Thailand was improper investment in new technology that doesn't pay off.

The new version was released late last year and is used in 12 countries including UK, Japan, India, Taiwan, Malaysia, Korea, Singapore, China, and Hong Kong.

To build awareness of the new version, BVQI yesterday invited some 80 companies in target industries to a seminar.

To be certified, companies will have to closely study and improve their information-management systems as per the guidelines. The procedure takes approximately six months and costs Bt100,000 to Bt200,000. A second audit will be conducted a few years later to check whether a company has indeed kept up the standard. This audit would cost Bt400,000 to Bt500,000.

Currently, there are 500 companies in Thailand in a variety of industries that are certified by various ISO versions. Teeradej forecasted that more than 10 per cent of the 500 companies would apply for the new ISO standard.

BVQI is said to be the biggest ISO-certification company in Thailand and one of top three in the world. It offers solutions in the key strategy fields for particular companies and audits them to certify various standards including ISO 9000, ISO 14000, ISO/TS 16949, SA 8000, and hazard analysis and critical control point systems and good manufacturing practices. In Thailand, it has 18,000 customers.

Nitida Asawanipont

The Nation