Today could be the start of a long and winding road: we are going to talk about BS7799. For people who don’t care this is a “British” standard about system and data security. Now we are not going for accreditation, because let’s be honest we are miles away from that. We are just going to try to follow the standard. The problem I see, without looking at the document (because we don’t have a copy of the standard!) is following standards means changing things. And all the way up to the top of the department, we fear change.