IT security experts from some of the UK's most influential businesses are meeting this week to try to establish a professional body for certifying information security staff.
The group, which includes the Royal Bank of Scotland, Royal Mail and BP, will meet with The Information Security Forum, in an attempt to create an industry body which links financial and IT security needs.
David Lacey, Royal Mail director of information security, told Computing that the group hopes to establish codes of conduct and professional certification for IT security staff, to ensure compliance with growing corporate financial auditing regulations.
'We feel that, with legislation such as Sarbanes Oxley, this is something that needs to be done - otherwise it becomes a liability for the business,' he said.
Greater communication between financial and IT departments is also needed to ensure company IT infrastructures can meet auditing requirements, says Lacey.
The group also met last week with fellow Jericho Forum members, to develop a set of IT security standards for suppliers.
More than 26 Jericho members, including Airbus, Cabinet Office, GlaxoSmithKline, HSBC, ICI and Rolls Royce, discussed plans last Thursday at the Royal Mail's innovation labs in Rugby, with the intention of improving information sharing and working between multinational companies (Computing, 26 August).
'We will have a lot of standards emerging for short, medium and long term IT security requirements,' said Lacey, who is also chairman of the Jericho Forum.
Following the meeting, the group will expand its plans for security standards, benchmarking, business processes and vendor management.
Lacey expects to produce a report before the end of October to share with IT suppliers.
Jericho Forum members may also agree to publish the standards in future IT project tender documents given to suppliers, says Lacey.
'We want to positively manage and interact with the vendors, from early stage start-ups through to established security firms,' he said.
Paul Dorey, chief information security officer for BP, told Computing that open security standards are needed for collaborating firms to communicate over web-based 'virtual infrastructures'.



