BUSINESS STANDARDS
is the quarterly magazine of BSI Group, highlighting the vital role that standards play in today's business environment. Regular features include interviews with leading business figures, as well as news on the latest developments in management systems and standards.
Numerex: information in safe hands
03 Jun 2008
Topics: Information security, ISO/IEC 27001, USA, Americas
In January 2008, Numerex Corp became the first machine-to-machine (M2M) information security provider in North America to earn certification ISO/IEC 27001:2005, the international standard for information security, ensuring data confidentially, integrity and availability. Numerex Corp provides solutions and network services for data communications between machines.
According to Stratton Nicolaides, chairman and CEO of Numerex, the certification is a critical milestone in Numerex's history and for the M2M industry across the board. Achieving ISO/IEC 27001:2005 confirms that the company is responsive to the emerging market needs in the transport and processing of M2M data and holistic M2M security best practices, he said in the company's formal announcement of the certification.
Customer needs
Numerex pursued ISO 27001 certification for three primary reasons, according to Alain Louchez, vice-president of strategic management for Numerex.
"The first reason was validation," he says. "Numerex wanted to be able to demonstrate to the world that its information security framework had received the stamp of approval by the international community and that an outside, third-party had made the assessment."
Numerex also sought certification because it was responding to the increased market requirements in terms of better protection for information: "When you look at major trends in our industry, information security is certainly one of the most important ones," Louchez explains. "Strengthening our information security through certification help us meet these growing requirements."
The last significant reason for pursuing ISO 27001 involved market distinction: "Numerex wants to differentiate itself from its competitors," he says. "We are building a trusting relationship with our customers, and obviously, we think ISO 27001 can help us to engender that faith and confidence."
Although the certification was just recently issued, Louchez says the company has already experienced added value from ISO 27001: "We strive to promote an excellent relationship or rapport with our clients, suppliers, and partners, and ISO 27001 helps us achieve that."
Numerex has benefited from the process of getting certification, he adds, noting that implementing the Information Security Management System (ISMS) has significantly helped the company in its daily activities. Through the implementation process, Numerex has developed a system in a very orderly fashion that will bolster the company's ability to better meet its customers' needs.
"We are using numerous well-tailored control objectives that contribute to shaping a very efficient environment," he says.
For example, Numerex "has woven into its IT screening the ISO 27001 perspective," noting that ISO 27001 provides the backbone that allows Numerex to do an effective and efficient job.
Louchez points out that Numerex has approached its implementation in phases, using the ISO 27001 management system to tightly structure the IT focus of the organization.
"We are the company that offers the broadest choice of secure M2M network services and solutions... ISO 27001 further supports this point," Louchez concludes.
Business Standards © 2009. Editorial produced by Caspian Publishing in association with the British Standards Institution. Editorial opinions expressed on are not necessarily those of BSI Group or Caspian Publishing. Neither Caspian Publishing nor BSI Group accept responsibility for advertising or editorial content, nor for that appearing on linked third-party websites. Reproduction in whole or in part is forbidden without written permission from BSI Group or Caspian Publishing.
Levi Strauss & Co (LS&CO), the global clothing brand, was the first company to put in place a supplier code of conduct (Terms of Engagement - TOE) covering ethical and environmental standards. With products sold through more than 55,000 retail outlets, this was a big step for the organization and its suppliers.
As pressures mount for businesses to become more efficient, to do more with less and to keep an eye on the bottom line, managing resources effectively is proving more essential than ever. Resource prices have been particularly volatile over the past year and fuel and energy costs to businesses have seen more fluctuations than most.
BSI has published a new SME guide to standardization, Good for Business: The small business guide to standards. It was created to introduce small businesses to British and international standards, and to showcase organizations benefiting from standardization.
ABTA (The Association of British Travel Agents, representing over 5,500 travel agencies and 900 tour operations in the UK) has joined forces with BSI Management Systems UK to produce a guide on implementing an effective complaints handling process - Dealing With Complaints: Complaint Handling.
Policing the Kitemark: Kent Trading Standards
Late in 2008, Kent Trading Standards (KTS) successfully prosecuted the UK retailer of a particular brand of unsafe carbon monoxide detectors, following a lengthy investigation. As part of its case, KTS was able to prosecute the company for misuse of the BSI Kitemark symbol, a first of its kind in the UK. The retailer was fined £65,000 with more than £5,000 in costs, representing the largest financial penalty ever secured by KTS.
Question: Can standards really help minimize the need for regulation?
Regulation and legislation keep business on a level playing field and help mitigate against risk, as was acknowledged by The Hampton Review in 2005.
Have a standards-related question for BSI or a comment on the website? We'll find the right person to answer.
