BUSINESS STANDARDS
is the quarterly magazine of BSI Group, highlighting the vital role that standards play in today's business environment. Regular features include interviews with leading business figures, as well as news on the latest developments in management systems and standards.
Numerex: information in safe hands
03 Jun 2008
Topics: Information security, ISO/IEC 27001, USA, Americas
In January 2008, Numerex Corp became the first machine-to-machine (M2M) information security provider in North America to earn certification ISO/IEC 27001:2005, the international standard for information security, ensuring data confidentially, integrity and availability. Numerex Corp provides solutions and network services for data communications between machines.
According to Stratton Nicolaides, chairman and CEO of Numerex, the certification is a critical milestone in Numerex's history and for the M2M industry across the board. Achieving ISO/IEC 27001:2005 confirms that the company is responsive to the emerging market needs in the transport and processing of M2M data and holistic M2M security best practices, he said in the company's formal announcement of the certification.
Customer needs
Numerex pursued ISO 27001 certification for three primary reasons, according to Alain Louchez, vice-president of strategic management for Numerex.
"The first reason was validation," he says. "Numerex wanted to be able to demonstrate to the world that its information security framework had received the stamp of approval by the international community and that an outside, third-party had made the assessment."
Numerex also sought certification because it was responding to the increased market requirements in terms of better protection for information: "When you look at major trends in our industry, information security is certainly one of the most important ones," Louchez explains. "Strengthening our information security through certification help us meet these growing requirements."
The last significant reason for pursuing ISO 27001 involved market distinction: "Numerex wants to differentiate itself from its competitors," he says. "We are building a trusting relationship with our customers, and obviously, we think ISO 27001 can help us to engender that faith and confidence."
Although the certification was just recently issued, Louchez says the company has already experienced added value from ISO 27001: "We strive to promote an excellent relationship or rapport with our clients, suppliers, and partners, and ISO 27001 helps us achieve that."
Numerex has benefited from the process of getting certification, he adds, noting that implementing the Information Security Management System (ISMS) has significantly helped the company in its daily activities. Through the implementation process, Numerex has developed a system in a very orderly fashion that will bolster the company's ability to better meet its customers' needs.
"We are using numerous well-tailored control objectives that contribute to shaping a very efficient environment," he says.
For example, Numerex "has woven into its IT screening the ISO 27001 perspective," noting that ISO 27001 provides the backbone that allows Numerex to do an effective and efficient job.
Louchez points out that Numerex has approached its implementation in phases, using the ISO 27001 management system to tightly structure the IT focus of the organization.
"We are the company that offers the broadest choice of secure M2M network services and solutions... ISO 27001 further supports this point," Louchez concludes.
Business Standards © 2009. Editorial produced by Caspian Publishing in association with the British Standards Institution. Editorial opinions expressed on are not necessarily those of BSI Group or Caspian Publishing. Neither Caspian Publishing nor BSI Group accept responsibility for advertising or editorial content, nor for that appearing on linked third-party websites. Reproduction in whole or in part is forbidden without written permission from BSI Group or Caspian Publishing.
Gerda, a leading developer and manufacturer of products for the security industry, has become the first company to be awarded the Kitemark for thief-resistant lock assemblies, in line with BS 10621:2007 Thief resistant dual-mode lock assembly.
Sapphire earns a standards hat-trick
Sapphire Energy Recovery, the waste processing and resource recovery business owned by Lafarge Cement, has achieved certification to three management systems standards (ISO 9001 Quality management, ISO 14001 Environmental management and BS OHSAS 18001 Health and safety management) from BSI. Sapphire is the UK's leading processor of used tyres, and sources and manages the logistics of a range of waste-derived fuels and raw materials for the cement industry.
While there was a time when companies would never consider working alongside the competition, today's marketplace demands a more flexible approach. Collaboration is fast becoming par for the course. For example, large government contracts often require expertise that goes far beyond any one company's capacity to deliver. Forming a consortium brings together the right experience in the right place, and it can mean the difference between winning or losing a tender.
Rising waters: revising PAS 1188
For those living in areas that are prone to flooding, having the right protection resources available is essential. While images of emergency sandbags holding back rivers of water may fill the media, there is a much wider range of products available for flood protection.
As part of its evolving governance, risk and compliance strategy, BSI has acquired the Supply Chain Security Division of First Advantage Corporation.
Question: Given the state of the environment, should issues like energy management in business be more regulated and closely monitored instead of voluntary?
Climate change is such an urgent issue that some might argue the only answer to this question is "Yes". However, creating laws that achieve their goals in precisely the right way is challenging and time consuming at the best of times. And when it comes to climate change, the factors involved are varied - too many for any one law or set of laws to cover adequately.
Have a standards-related question for BSI or a comment on the website? We'll find the right person to answer.
