is the online magazine of BSI Group, highlighting the vital role that standards play in today's business environment by helping organizations improve quality, save money, reduce risk and be more sustainable. Features include interviews with leading business figures, as well as news on the latest developments in management systems, standards, testing, healthcare and certification.
Microsoft Global Foundation Services watches its assets
08 Aug 2008
Topics: Information security, ISO/IEC 27001, USA, Americas
Microsoft Global Foundation Services (GFS) has achieved certification to ISO/IEC 27001:2005, the information security standard - the first major online service provider to do so.
The standard identifies, manages and helps minimize the range of threats to which information is regularly subjected - from customer data to credit card fraud, from intellectual property to ongoing R&D. ISO/IEC 27001:2005 provides a framework for protecting confidential and sensitive corporate and personal information within an organization.
Microsoft takes the protection of their information assets seriously and has chosen to measure their ongoing information security program against the standard's rigorous requirements to ensure that their information security is properly managed and maintained.
"Microsoft Global Foundation Services has been able to extend the Microsoft Trustworthy Computing concepts from packaged software to protecting online services at global scale," says Charlie McNerney, chief information security officer of Microsoft Global Foundation Services. "This certification provides external validation that our approach to managing security risk in a global organization is comprehensive and effective, which is important for our business and consumer customers."
Certification to the standard reinforces to customers, through an independent third-party, that Microsoft operates an Information Security Management System (ISMS) in accordance with the International Organization for Standardization (ISO).
As part of the ISO/IEC 27001:2005 process, BSI performed on-site assessments, examined GFS's documented procedures and audited its overall operations. To determine continued compliance with ISO/IEC 27001:2005, BSI will periodically conduct routine surveillance audits of GFS's business operations.
Says Mark Plesnicher, a senior security compliance manager at Microsoft: "For a company of our size and complexity, auditing our information security program was quite a challenge. The BSI team worked diligently to plan and execute an assessment process that spanned multiple sites and involved many different teams."
"As the first major online service provider to earn ISO/IEC 27001:2005 certification, Microsoft is further demonstrating a commitment to making its company more secure and securing the information of its customers," adds
Todd VanderVen, president of BSI Management Systems. "By formalizing their documentation and processes and using ISO/IEC 27001:2005, Microsoft will be able to improve quality as well as security and continue to raise the bar for the industry, as they have done so well over the years.
"The GFS team is committed and uses well organized processes - ISO/IEC 27001:2005 certification can only serve to improve an already industry-leading business that is itself considered a 'standard' that many strive to achieve."
Business Standards © 2010. Editorial produced by Caspian Publishing in association with The British Standards Institution. Editorial opinions expressed on are not necessarily those of BSI Group or Caspian Publishing. Neither Caspian Publishing nor BSI Group accept responsibility for advertising or editorial content, nor for that appearing on linked third-party websites. Reproduction in whole or in part is forbidden without written permission from BSI Group or Caspian Publishing.
How do you put a price on a brand? An international standard in the making will provide a consistent, reliable approach to brand valuation.
While there was a time when companies would never consider working alongside the competition, today's marketplace demands a more flexible approach. Collaboration is fast becoming par for the course. For example, large government contracts often require expertise that goes far beyond any one company's capacity to deliver. Forming a consortium brings together the right experience in the right place, and it can mean the difference between winning or losing a tender.
Monarch Airlines chooses BSI for its European Union Emission Trading System (EU ETS) verification
Monarch Airlines has selected BSI as its provider of verification services against the requirements of the EU ETS directive. This comes in response to the industry's requirement to monitor its CO2 emissions and demonstrate compliance with the directive by submitting a verified annual emissions report by 31 March every year from 2011 onwards.
Airbus in the UK has achieved certification to BS 25999, the Business Continuity Management (BCM) standard, following an audit from BSI. The certification covers Airbus? wing manufacturing site in Broughton, North Wales and becomes the first aerospace manufacturing company to receive certification to this standard by BSI.
As part of its evolving governance, risk and compliance strategy, BSI has acquired the Supply Chain Security Division of First Advantage Corporation.
Question: Is the contribution made by standards always positive?
Standards can make an enormous contribution to organizations, businesses and society - a number of recent studies have confirmed this as an indisputable fact. But is the contribution they make always positive? In my role as chairman of the United Kingdom Accreditation Service (UKAS), I have a close understanding of the world of standards. Most of UKAS' accreditation work is based on standards - from the certification of quality and environmental management systems to a huge range of product testing and beyond.
Have a standards-related question for BSI or a comment on the website? We'll find the right person to answer.
