is the online magazine of BSI Group, highlighting the vital role that standards play in today's business environment - delivering ROI, saving costs, improving quality and mitigating risk. Features include interviews with leading business figures, as well as news on the latest developments in management systems, standards, testing, healthcare and certification.
Tenzing Managed IT Services: Taking information security seriously
16 Mar 2009
Topics: Information security, ISO/IEC 27001, Canada, Americas
Tenzing Managed IT Services has become one of the first Managed IT Services companies in North America to achieve certification to ISO/IEC 27001, the international standard that defines the requirements for an Information Security Management System (ISMS).
ISO/IEC 27001 helps organizations protect their information assets by offering a process approach for establishing, implementing, operating, monitoring, reviewing, maintaining and improving an ISMS.
Tenzing 's certification was achieved following an audit conducted by BSI Management Systems Canada, which touched on most aspects of the Tenzing operation, from its internal processes to its physical infrastructure.
"We believe in the adoption of best practice," says Kelly Beardmore, CTO of Tenzing. "ISO/IEC 27001 outlines repeatable, quality processes that we embrace and have incorporated into our own road map. It is a long and intense process but, in the end, a third party audit of our systems provides a high level of assurance to our customers that we meet the highest information security standards in the industry."
Tenzing recruited the services of Eosensa Inc. to help prepare for the audit that was conducted by BSI, a leading provider of independent third-party certification of management systems.
Information security is a broad category. It covers network and physical access control, all levels of system redundancy and the protection of information from corruption or loss, all tested through extensive disaster recovery procedures.
"Our biggest risk is not having our customer's data available to them 24/7," says Beardmore. "ISO/IEC 27001 touches upon everything that might impact our ability to deliver that guarantee."
The audit process doesn't end upon certification, but is conducted annually with the goal of continual improvement. This approach is central to Tenzing's own "Summit with Tenzing" service model, in which ITIL certified Technical Account Managers act as trusted advisors. They engage regularly with clients through a "Continual Improvement Stage" and work towards optimizing IT solutions and delivering improved value.
ISO/IEC 27001 represents additional value for Tenzing customers, who have chosen to outsource business-critical IT services. Clients whose systems are required to be ISO/IEC 27001-compliant can outsource their IT services with Tenzing and have them provide guidance towards secure IT solutions that minimize risk.
For a copy of a recent whitepaper by Tenzing CTO Kelly Beardmore on the risks associated with data privacy as it relates to privacy legislation in Canada and the Patriot Act, visit http://www.tenzing.com/news/tenzing-news-article-Jan21-09.asp
For more information on ISO/IEC 27001, visit http://www.bsigroup.com/en/Assessment-and-certification-services/management-systems/Standards-and-Schemes/ISO-IEC-27001/
Business Standards © 2010. Editorial produced by Caspian Publishing in association with The British Standards Institution. Editorial opinions expressed on are not necessarily those of BSI Group or Caspian Publishing. Neither Caspian Publishing nor BSI Group accept responsibility for advertising or editorial content, nor for that appearing on linked third-party websites. Reproduction in whole or in part is forbidden without written permission from BSI Group or Caspian Publishing.
While there was a time when companies would never consider working alongside the competition, today's marketplace demands a more flexible approach. Collaboration is fast becoming par for the course. For example, large government contracts often require expertise that goes far beyond any one company's capacity to deliver. Forming a consortium brings together the right experience in the right place, and it can mean the difference between winning or losing a tender.
Security is a challenge at the best of times for a retail bank. If you offer services via the internet, security becomes even more complicated. For Barclays UK Retail Online Banking, information security is at the core of their business, which is one of the main reasons the organization pursued and achieved certification to ISO/IEC 27001 Information security from BSI.
Until now, there has been no strict guidance in the UK relating to how audiovisual (AV) installations are carried out. This includes everything from computers and projectors to interactive whiteboards, plasma screens and loud speakers. For AV installation companies, processes can vary significantly.
OCS, an international facilities services group based in the UK, has achieved triple certification to ISO 9001 Quality management, ISO 14001 Environmental management/ and BS OHSAS 18001 Health and safety management with BSI.
A clear case for carbon neutrality
"Carbon neutral" sounds good on paper, but what does it really mean? Organizations are making claims about carbon neutrality for everything from products to travel, events, projects and buildings. The problem is that no one quite agrees what "carbon neutral" means or how far it extends.
Question: Is the contribution made by standards always positive?
Standards can make an enormous contribution to organizations, businesses and society - a number of recent studies have confirmed this as an indisputable fact. But is the contribution they make always positive? In my role as chairman of the United Kingdom Accreditation Service (UKAS), I have a close understanding of the world of standards. Most of UKAS' accreditation work is based on standards - from the certification of quality and environmental management systems to a huge range of product testing and beyond.
Have a standards-related question for BSI or a comment on the website? We'll find the right person to answer.
