is the online magazine of BSI Group, highlighting the vital role that standards play in today's business environment by helping organizations improve quality, save money, reduce risk and be more sustainable. Features include interviews with leading business figures, as well as news on the latest developments in management systems, standards, testing, healthcare and certification.
Security matters in Russian industry
05 Jun 2007
Topics: Information security, ISO/IEC 27001, Russia
Data security is a big issue for Russian business. It means compliance with international privacy laws and data management requirements, as well as dealing with Russia's rigorous requirements for the protection of subscribers' personal information.
To mitigate risk and cope with the growing telecoms market, MTT has become the first telecoms company in the Russian market to be certified to ISO/IEC 27001, the international information security standard.
It wasn't a straightforward journey. The company was established in 1994 and is now one of the largest Russian providers of domestic and international long-distance telecoms. It brought together individual regional operators' mobile networks into one common telecoms environment in the Russian Federation.
MTT provides and supports telecom services between more than 300 mobile operators' networks and more than 100 fixed operators' networks across Russia. With the liberalization of the Russian long-distance market in 2005, MTT was awarded licences by Rossviaznadzor - the government body that regulates the Russian telecoms industry - to provide domestic and international long-distance telecommunication services to consumers across the entire Russian Federation as well as to the international market. Since 2006, the company has provided domestic long-distance and international communication to fixed network subscribers across the country.
As a consequence, subscriber numbers have risen sharply in a very short space of time - and, along with them, the need for stringent information security measures. MTT chose to meet these requirements through certification to ISO/IEC 27001. The standard determines requirements for an information security management system (ISMS) and helps ensure an organization's ISMS is properly managed and maintained.
"MTT is the first Russian telecoms company to have its ISMS certified to ISO/IEC 27001," says Konstantin Solodukhin, general manager of MTT states. "This not only ensures that MTT can take a competitive position in the international telecoms market, but it also demonstrates to our clients that MTT takes the protection of their information assets seriously. Today, information security is not just ?nice to have', but is a vital necessity."
MTT achieved certification with BSI Management Systems CIS, the Moscow-based office of BSI Management Systems, which covers CIS countries in addition to Russia itself. They also worked with Jet Infosystems, a BSI Management Systems CIS consultancy partner, to prepare MTT's ISMS for certification.
Vladimir Eliseev, general manager of Jet Infosystems, points out the importance of such certification: "The creation of an effective ISMS, which should run seamlessly within the organization's entire management system, is a key asset for today's telecoms companies."
Natalia Gorobets, general manager of BSI MS CIS agrees, adding, "MTT has reaped the reward of a lot of hard work by becoming the first Russian telecoms company to demonstrate its compliance to ISO/IEC 27001."
Insurance policies
The Russian telecoms industry isn't the only one affected by information security issues. OJSC ROSNO - owned by leading German insurer Allianz SE, one of the largest insurance groups in the world - is the first Russian insurance company to achieve certification to ISO/IEC 27001. Working with BSI and its Russian affiliate, Jet Infosystems, ROSNO implemented an information security management system (ISMS) in 10 months.
The project allows the company to provide business data security across all of its divisions. The established ISMS has become part of ROSNO's general management system.
This system comprises organizational, procedural and technical elements, and minimizes the traditional risks and threats that would face any global insurance company: breach of confidentiality (theft and loss of information, including personal information of the company clients), data access violations (blocking and deletion) and data integrity violations (unauthorized and uncontrolled modification, false data intrusion).
Among other advantages, the certification will help ROSNO gain competitive advantage in its work with large corporate clients, who pay special attention to data protection.
"Today, data protection is an urgent necessity," says Vladimir Parshakov, deputy general manager of OJSC ROSNO. "Information and personal data constitute of the major assets of any insurance company. Data security affects the company image and the degree of customer confidence in the company. Successful certification guarantees our investors, business partners and clients that ROSNO not only offers high-quality services, but also provides the highest possible level of data protection."
Business Standards © 2010. Editorial produced by Caspian Publishing in association with The British Standards Institution. Editorial opinions expressed on are not necessarily those of BSI Group or Caspian Publishing. Neither Caspian Publishing nor BSI Group accept responsibility for advertising or editorial content, nor for that appearing on linked third-party websites. Reproduction in whole or in part is forbidden without written permission from BSI Group or Caspian Publishing.
Until now, there has been no strict guidance in the UK relating to how audiovisual (AV) installations are carried out. This includes everything from computers and projectors to interactive whiteboards, plasma screens and loud speakers. For AV installation companies, processes can vary significantly.
Sapphire earns a standards hat-trick
Sapphire Energy Recovery, the waste processing and resource recovery business owned by Lafarge Cement, has achieved certification to three management systems standards (ISO 9001 Quality management, ISO 14001 Environmental management and BS OHSAS 18001 Health and safety management) from BSI. Sapphire is the UK's leading processor of used tyres, and sources and manages the logistics of a range of waste-derived fuels and raw materials for the cement industry.
A little bit extra for Kitemark® bodyshops and garages
It's all well and good for an automotive bodyshop to earn the Thatcham BSI Kitemark® for Vehicle Body Repair, but it won't have as much impact if potential clients don't know about it. As a consequence, BSI decided to offer an Extras marketing toolkit to bodyshops and garages that have earned the Kitemark.
Airbus in the UK has achieved certification to BS 25999, the Business Continuity Management (BCM) standard, following an audit from BSI. The certification covers Airbus? wing manufacturing site in Broughton, North Wales and becomes the first aerospace manufacturing company to receive certification to this standard by BSI.
A clear case for carbon neutrality
"Carbon neutral" sounds good on paper, but what does it really mean? Organizations are making claims about carbon neutrality for everything from products to travel, events, projects and buildings. The problem is that no one quite agrees what "carbon neutral" means or how far it extends.
Question: This year marks the 25th anniversary of data protection regulation in the UK. Does the fact that such legislation exists mean that standards do not have a big role to play in the data protection puzzle?
First of all, the fact that there is legislation in place does not mean standards do not have a role to play. Quite the contrary: in many cases, standards offer a framework for businesses to better prepare and comply with legislation.
Have a standards-related question for BSI or a comment on the website? We'll find the right person to answer.
