ISO27001 helps win business
Tuesday July 01st 2008.   Posted: 10:10
BT now has 26 certificates covering more than 60 key sites and services.
An international security standard is giving BT’s customers peace of mind - and helping the company secure major deals.
ISO27001 - an international standard designed around 133 security controls - provides a model for setting up and running an effective information security management system.

The company now has 26 certificates covering more than 60 key sites and services - and 20 new sites have been earmarked for certification.

According to global head of IT governance for bid security and certifications Lou Garcia, this demonstrates that BT meets security control requirements - and shows a high level of security governance, especially in the area of risk management.

Lou said: “Many of BT’s most significant customers demand this certification for the services BT provides - and, as demand from our customers increases, so does our programme of certification.”

And, with so many sites coming on board, BT has developed a repeatable tried and tested methodology - so new teams working towards the standard can follow a proven path.

BT Global Services senior security specialist Rick Jones said: “BT uses ISO27001 to really push the strength of its security story. Because BT’s certified sites are independently reviewed by an external assessor - Lloyds Register Quality Assurance - customers enjoy a high level of assurance that BT is following all the requirements of the standard.

“And it allows BT to seek a competitive edge over rival bidders - improving our commercial image and giving BT a unique selling point.”

“To date, BT has already won £5.52 billion of business where ISO27001 is a contractual deliverable - and bids in the pipeline that require ISO27001 are worth £1.17 billion,” said Rick.

As part of the bid process, many customers initially ask BT to carry out expensive SAS70 audits on its services - a demand that has mushroomed since the introduction of the Sarbanes-Oxley Act.

“We, however, use our strong ISO27001 story to convince customers that our ISO27001 certificates provide a lower-cost viable alternative to an SAS70 audit,” said Rick.
“Major customers who have agreed to swap their SAS70 requirements for ISO27001 include PepsiCo, Cadbury-Schweppes, Deutsche Bank, BMS, Novartis, Credit Suisse, Unisys, Cap Gemini, Reuters and the UK Post Office - which, to date, has saved BT more than £1 million in audit costs.”

And the team’s efforts in helping BT people with their bids have seen it receive numerous “bouquets” - including one from global account director Jim Smith.

He worked with Lou and Rick on convincing a customer, during negotiations, of the strength of ISO27001 certifications as a security standard, and they provided an ad-hoc response to a security questionnaire from a prospective customer - both within a business day.

“It was truly exceptional work - and exemplary of the BT values,” said Jim.