This includes both physical security (for example, of premises, work processes and employees) and data security in the ICT System (e.g. compliance with ISO 17799 and ISO 27001:2005, and the Data Protection Act requirements).