Julian asks: Why is it that many IT departments tend to resist basic ISO 17799 controls?? I would ask a slightly different question - Why is it that a number of companies and/or their employees think that the law doesn't apply to them or try to work round rather than with the law? There will always be a criminal element for which we need regulatory legislation - but what annoys me is that so many so called reputable organisations think they are above the law. If it were not for those organisations then the workload of TICO, ASA etc would be much smaller. Graham ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ All archives of messages are stored permanently and are available to the world wide web community at large at http://www.jiscmail.ac.uk/lists/data-protection.html If you wish to leave this list please send the command leave data-protection to [log in to unmask] All user commands can be found at : - http://www.jiscmail.ac.uk/help/commandref.htm (all commands go to [log in to unmask] not the list please) ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^