is the online magazine of BSI Group, highlighting the vital role that standards play in today's business environment by helping organizations improve quality, save money, reduce risk and be more sustainable. Features include interviews with leading business figures, as well as news on the latest developments in management systems, standards, testing, healthcare and certification.
Tenzing Managed IT Services: Taking information security seriously
16 Mar 2009
Topics: Information security, ISO/IEC 27001, Canada, Americas
Tenzing Managed IT Services has become one of the first Managed IT Services companies in North America to achieve certification to ISO/IEC 27001, the international standard that defines the requirements for an Information Security Management System (ISMS).
ISO/IEC 27001 helps organizations protect their information assets by offering a process approach for establishing, implementing, operating, monitoring, reviewing, maintaining and improving an ISMS.
Tenzing 's certification was achieved following an audit conducted by BSI Management Systems Canada, which touched on most aspects of the Tenzing operation, from its internal processes to its physical infrastructure.
"We believe in the adoption of best practice," says Kelly Beardmore, CTO of Tenzing. "ISO/IEC 27001 outlines repeatable, quality processes that we embrace and have incorporated into our own road map. It is a long and intense process but, in the end, a third party audit of our systems provides a high level of assurance to our customers that we meet the highest information security standards in the industry."
Tenzing recruited the services of Eosensa Inc. to help prepare for the audit that was conducted by BSI, a leading provider of independent third-party certification of management systems.
Information security is a broad category. It covers network and physical access control, all levels of system redundancy and the protection of information from corruption or loss, all tested through extensive disaster recovery procedures.
"Our biggest risk is not having our customer's data available to them 24/7," says Beardmore. "ISO/IEC 27001 touches upon everything that might impact our ability to deliver that guarantee."
The audit process doesn't end upon certification, but is conducted annually with the goal of continual improvement. This approach is central to Tenzing's own "Summit with Tenzing" service model, in which ITIL certified Technical Account Managers act as trusted advisors. They engage regularly with clients through a "Continual Improvement Stage" and work towards optimizing IT solutions and delivering improved value.
ISO/IEC 27001 represents additional value for Tenzing customers, who have chosen to outsource business-critical IT services. Clients whose systems are required to be ISO/IEC 27001-compliant can outsource their IT services with Tenzing and have them provide guidance towards secure IT solutions that minimize risk.
For a copy of a recent whitepaper by Tenzing CTO Kelly Beardmore on the risks associated with data privacy as it relates to privacy legislation in Canada and the Patriot Act, visit http://www.tenzing.com/news/tenzing-news-article-Jan21-09.asp
For more information on ISO/IEC 27001, visit http://www.bsigroup.com/en/Assessment-and-certification-services/management-systems/Standards-and-Schemes/ISO-IEC-27001/
Business Standards © 2010. Editorial produced by Caspian Publishing in association with The British Standards Institution. Editorial opinions expressed on are not necessarily those of BSI Group or Caspian Publishing. Neither Caspian Publishing nor BSI Group accept responsibility for advertising or editorial content, nor for that appearing on linked third-party websites. Reproduction in whole or in part is forbidden without written permission from BSI Group or Caspian Publishing.
Monarch Airlines chooses BSI for its European Union Emission Trading System (EU ETS) verification
Monarch Airlines has selected BSI as its provider of verification services against the requirements of the EU ETS directive. This comes in response to the industry's requirement to monitor its CO2 emissions and demonstrate compliance with the directive by submitting a verified annual emissions report by 31 March every year from 2011 onwards.
How do you put a price on a brand? An international standard in the making will provide a consistent, reliable approach to brand valuation.
UK film industry pioneers sustainability standard developed by BSI
The British film industry, in conjunction with BSI, is taking the lead in the global entertainment market with the announcement at the Cannes Film Festival of a new British Standard that will improve the industry's environmental, social and economic impact. For example, in London alone, screen production accounted for 125,000 tonnes of carbon emissions in 2009, 40% of which came from studios and 28% from TV and film production.
OCS, an international facilities services group based in the UK, has achieved triple certification to ISO 9001 Quality management, ISO 14001 Environmental management/ and BS OHSAS 18001 Health and safety management with BSI.
Sapphire earns a standards hat-trick
Sapphire Energy Recovery, the waste processing and resource recovery business owned by Lafarge Cement, has achieved certification to three management systems standards (ISO 9001 Quality management, ISO 14001 Environmental management and BS OHSAS 18001 Health and safety management) from BSI. Sapphire is the UK's leading processor of used tyres, and sources and manages the logistics of a range of waste-derived fuels and raw materials for the cement industry.
We are under increasing pressure to comply with a growing number of regulations and to maintain growth - while under greater scrutiny than ever before. How can this be good for business?
We are all in the risk management business. In the current climate, as consumers we are encouraged to claim compensation or sue for damages for almost any negative incident we encounter.
Have a standards-related question for BSI or a comment on the website? We'll find the right person to answer.
