is the online magazine of BSI Group, highlighting the vital role that standards play in today's business environment by helping organizations improve quality, save money, reduce risk and be more sustainable. Features include interviews with leading business figures, as well as news on the latest developments in management systems, standards, testing, healthcare and certification.
At Unisys, information security is key
05 Oct 2009
Topics: Information security, ISO/IEC 27001, Quality management, ISO 9001
Unisys, one of the world's leading providers of IT outsourcing services, has achieved certification at its Milton Keynes client centre to ISO/IEC 27001:2005 for Information security management systems (ISMS) from BSI UK. Unisys has now achieved certification at 22 of its client service centres around the world, confirming that it is following the highest principles with regard to secure, effective information management practices.
Unisys works with its clients on four main areas of focus, reflecting Unisys business strengths: security, data centre transformation and outsourcing, end-user outsourcing and support services, and application modernization and outsourcing. As a result, Unisys manages both IT resources for enterprise employees on the front lines of business and IT back office functions, including transaction processing, internal networks and online services. As the use of outsourcing centres has grown, so Unisys has been able to offer more sophisticated, value adding processes such as IT planning and risk management.
Because the IT resources it manages are so directly tied to clients' business mission, the need for Unisys to provide a stable, transparent and adaptable security system for both clients and internal departments is paramount. Unisys has achieved impressive results in this area, so the certification process with BSI followed on from a great deal of solid groundwork.
"Unisys has worked with BSI for a many years - from jointly achieving ISO 9001 certification in the UK to collaborating on a potential e-commerce standard. The fact that BSI had developed the predecessor standard BS7799 and our long relationship proved to Unisys that BSI is indeed the leader in security standards. After choosing BSI as registrar in 2005 we never looked back," says Dr Gerhard Knecht, Global Head of Security and Chief Security Officer for Unisys Global Outsourcing and Infrastructure Services.
Keeping the stream flowing safely
At the heart of ISO/IEC 27001:2005 is the principle of handling data securely. The standard aims to help organizations plan, implement and monitor their performance in the area of data protection, client security and IT infrastructure. It seeks to help organizations identify and mitigate risk and improve management of sensitive data and networks. The goal is a coherent, overarching system that provides secure data management across a range of operations.
The standard sets the benchmark for quality and security across the Unisys network of outsourcing centres. They are situated in 11 countries and reflect Unisys' attempts to offer a truly global service to its clients. Given that the potential risks associated with IT governance - particularly in an outsourced environment - have grown, the importance of demonstrating best practice to clients in this area cannot be underestimated.
Businesses are now waking up to the need to have a coherent plan when it comes to IT security. While millions are invested in both anti-virus software and anti-hacking strategies, it is essential for any organization offering clients such broad IT-based services to demonstrate a commitment to security as well as prove it is engaged in continuous testing and improvement of its systems.
Unisys has been a pioneer in cloud computing, a service that may well revolutionize the way organizations obtain business and IT services. Put simply, cloud computing develops the concept of delivering software, IT infrastructure and other key IT support requirements "as a service," whereby a range of IT functions and networks hosted online are available on demand on a pay-for-use basis. The underlying ethos of the cloud is provision of shared services without an enterprise having to invest in expensive servers and infrastructure. Most large outsourcing providers are now offering cloud computing services to their clients. And cloud computing has certainly opened another potential revenue stream for larger IT firms.
However, the security concerns of chief information officers are one of the biggest impediments to widespread adoption cloud computing. To overcome CIOs' concerns about security of data in the cloud, Unisys has recently unveiled a cloud computing strategy and solutions portfolio for organizations to move enterprise application workloads securely to tailored cloud environments with greater confidence in maintaining the integrity of critical information.
Underpinning this strategy is Unisys Stealth Solution, an innovative, patent-pending data protection technology initially designed for military applications and now available to commercial clients. The Unisys Stealth solution cloaks data through multiple levels of authentication and encryption, bit-splitting data into multiple packets so it moves invisibly across networks and protects data in the Unisys secure cloud.
Complementing the Stealth solution is the layered security infrastructure Unisys has deployed at its client centres, including intrusion detection and prevention service, security monitoring, advanced correlation and analytics, firewall management and logging.
Alongside its own internal R&D into, and implementation of, online security, Unisys is hoping that, by achieving certification on ISO/IEC 27001:2005, it has stolen a march on the competition. By showing clients that it will bring stringent security processes to the whole practice of cloud computing, Unisys positions itself at the cutting edge of IT security.
For more information on ISO/IEC 27001:2005, visit: www.bsigroup.com/isms
For BSI UK, please visit: www.bsigroup.co.uk
Business Standards © 2010. Editorial produced by Caspian Publishing in association with The British Standards Institution. Editorial opinions expressed on are not necessarily those of BSI Group or Caspian Publishing. Neither Caspian Publishing nor BSI Group accept responsibility for advertising or editorial content, nor for that appearing on linked third-party websites. Reproduction in whole or in part is forbidden without written permission from BSI Group or Caspian Publishing.
Until now, there has been no strict guidance in the UK relating to how audiovisual (AV) installations are carried out. This includes everything from computers and projectors to interactive whiteboards, plasma screens and loud speakers. For AV installation companies, processes can vary significantly.
Gerda, a leading developer and manufacturer of products for the security industry, has become the first company to be awarded the Kitemark for thief-resistant lock assemblies, in line with BS 10621:2007 Thief resistant dual-mode lock assembly.
A little bit extra for Kitemark® bodyshops and garages
It's all well and good for an automotive bodyshop to earn the Thatcham BSI Kitemark® for Vehicle Body Repair, but it won't have as much impact if potential clients don't know about it. As a consequence, BSI decided to offer an Extras marketing toolkit to bodyshops and garages that have earned the Kitemark.
How do you put a price on a brand? An international standard in the making will provide a consistent, reliable approach to brand valuation.
While there was a time when companies would never consider working alongside the competition, today's marketplace demands a more flexible approach. Collaboration is fast becoming par for the course. For example, large government contracts often require expertise that goes far beyond any one company's capacity to deliver. Forming a consortium brings together the right experience in the right place, and it can mean the difference between winning or losing a tender.
Question: Why is risk management important to business?
First, there's more to risk management than just managing risk. Most organizations will talk about risk assessments, but the question is: what are they assessing? If you don't know what the threats are, then how can you conduct an effective risk assessment?
Have a standards-related question for BSI or a comment on the website? We'll find the right person to answer.
