BUSINESS STANDARDS
is the quarterly magazine of BSI Group, highlighting the vital role that standards play in today's business environment. Regular features include interviews with leading business figures, as well as news on the latest developments in management systems and standards.
Tenzing Managed IT Services: Taking information security seriously
16 Mar 2009
Topics: Information security, ISO/IEC 27001, Canada, Americas
Tenzing Managed IT Services has become one of the first Managed IT Services companies in North America to achieve certification to ISO/IEC 27001, the international standard that defines the requirements for an Information Security Management System (ISMS).
ISO/IEC 27001 helps organizations protect their information assets by offering a process approach for establishing, implementing, operating, monitoring, reviewing, maintaining and improving an ISMS.
Tenzing 's certification was achieved following an audit conducted by BSI Management Systems Canada, which touched on most aspects of the Tenzing operation, from its internal processes to its physical infrastructure.
"We believe in the adoption of best practice," says Kelly Beardmore, CTO of Tenzing. "ISO/IEC 27001 outlines repeatable, quality processes that we embrace and have incorporated into our own road map. It is a long and intense process but, in the end, a third party audit of our systems provides a high level of assurance to our customers that we meet the highest information security standards in the industry."
Tenzing recruited the services of Eosensa Inc. to help prepare for the audit that was conducted by BSI, a leading provider of independent third-party certification of management systems.
Information security is a broad category. It covers network and physical access control, all levels of system redundancy and the protection of information from corruption or loss, all tested through extensive disaster recovery procedures.
"Our biggest risk is not having our customer's data available to them 24/7," says Beardmore. "ISO/IEC 27001 touches upon everything that might impact our ability to deliver that guarantee."
The audit process doesn't end upon certification, but is conducted annually with the goal of continual improvement. This approach is central to Tenzing's own "Summit with Tenzing" service model, in which ITIL certified Technical Account Managers act as trusted advisors. They engage regularly with clients through a "Continual Improvement Stage" and work towards optimizing IT solutions and delivering improved value.
ISO/IEC 27001 represents additional value for Tenzing customers, who have chosen to outsource business-critical IT services. Clients whose systems are required to be ISO/IEC 27001-compliant can outsource their IT services with Tenzing and have them provide guidance towards secure IT solutions that minimize risk.
For a copy of a recent whitepaper by Tenzing CTO Kelly Beardmore on the risks associated with data privacy as it relates to privacy legislation in Canada and the Patriot Act, visit http://www.tenzing.com/news/news.asp
For more information on ISO/IEC 27001, visit http://www.bsigroup.com/en/Assessment-and-certification-services/management-systems/Standards-and-Schemes/ISO-IEC-27001/
Business Standards © 2009. Editorial produced by Caspian Publishing in association with the British Standards Institution. Editorial opinions expressed on are not necessarily those of BSI Group or Caspian Publishing. Neither Caspian Publishing nor BSI Group accept responsibility for advertising or editorial content, nor for that appearing on linked third-party websites. Reproduction in whole or in part is forbidden without written permission from BSI Group or Caspian Publishing.
BSI is planning an informal free lunchtime roundtable in central London on 10 December 2009 to explore how small businesses and their trade bodies can work more effectively with standards. Places are limited so to register your interest or request more information, please email bsi.survey@bsigroup.com or call +44 (0)20 8996 7750.
Sustainability: more than "green"
Sustainable development means taking into account the social, economic and environmental impacts of business activities, not only for the present but also for future generations.
A clear case for carbon neutrality
"Carbon neutral" sounds good on paper, but what does it really mean? Organizations are making claims about carbon neutrality for everything from products to travel, events, projects and buildings. The problem is that no one quite agrees what "carbon neutral" means or how far it extends.
Until now, there has been no strict guidance in the UK relating to how audiovisual (AV) installations are carried out. This includes everything from computers and projectors to interactive whiteboards, plasma screens and loud speakers. For AV installation companies, processes can vary significantly.
How do you put a price on a brand? An international standard in the making will provide a consistent, reliable approach to brand valuation.
Question: Can you really measure customer satisfaction?
The simple answer is yes. Two years ago, BSI Management Systems took our customer- focused strategy to the next level by introducing a satisfaction survey for our clients.
Have a standards-related question for BSI or a comment on the website? We'll find the right person to answer.
