Compliance on building construction, safety issues and healthy working environment for the workforces of garments are paramount – and these compliances issues are being upgraded since some unwanted disasters happened in Bangladesh in the previous years. But, here, I shall cover very important matters regarding the security, integrity and availability of business information extremely required for running garments business processes – the most export earnings (around $36.67 bn, 80 per cent) sectors in Bangladesh, from almost 5,000 garments industries now. No doubt, many industries now have invested huge and deployed state-of-the-art computing infrastructure systems at corporate head offices and manufacturing units.

Certainly, this computing platform comprises a stable data center with varieties of servers roles racked and bundled with latest and updated operating systems, networking and routing devices, application layer firewall systems, structured LAN cabling and high bandwidth virtual private network (VPN) and internet connectivity between corporate business office and factories. These are fundamental requirements to facilitate IT systems for any offices and business industries.

But, here is the concern about how much these huge or significant investment get to be materialized in question of the return and optimum usages of IT and human resources, who use IT and these are regarding the desired productivity of all garments business entities. May be, some are getting the optimum results, having a secured and well setup IT platform, some may not or it might be, the management does not have any clear ideas and pictures about the deployed giant IT setup – how much it is being used to getting best return or how much the resources are being in the waste state! It is always the time to keep vigilant – whether the computing platform set in the corporate head office or factory is vulnerable to the unknown or known threats or potential risks. The risk factors are not always likely from outside, it could be internal and from malicious practices of some employees. Then it is imperative to ensure whether enough measures are being taken to safeguard valuable business data and database resources or operating platform, is the BC (business continuity) policy, process and set-up are up and running in question any disaster (natural or man-made) taken place, are there lots of computing resources kept non-utilized and so forth. ISO/ IEC 27001:2013 standards are here to have assessed and implemented against this standards to keep the whole IT setup and operation of garments industries business process secured, optimum and most productive.

The first stage is the risk assessment following a proactive risk treatment plan and a subsequent implementation of ISO/IEC 27001:2013 ensures a standards, world-class compliant operating platform – and thus, this is the best measure to leverage the highest productivity from the regular human and devices resources of the garments business and factory production base, of course, which are direct or indirectly related to IT process. The vital question: Is anything beyond IT process now, no. So, all proactive actions regarding securing IT operation, hardware resources, and human resources involved to production through information processes, strong surveillance, getting compliance to regulation, stable Business Continuity setup, application and data security and so forth are very urgent to set stable – nobody knows about the hidden, intentional and potential threats are ready for you, for us. Who knows the business competitors are waiting to make massacre, to steal invaluable data from your servers or insecure cloud storage! This is why assessing and implementing all garments business industries using ISO/IEC 27001:2013 (here 2013 is version) standards is no doubt paramount, mostly required and this is recommended to happened today – the 114 controls of 14 control objectives of ISO/IEC 270001 is the best safeguards standards and must-todo tasks for not only garments business, for all businesses and offices where IT setup is running, is there any without that?