Unisys Africa has achieved BS7799/ISO17799 Information Security Management System (ISMS) certification after undergoing the rigorous process of proving and verifying that its Managed Service Centre provides a secure environment for its customers` data and information.
As a standard, the BS7799/ISO17799 ISMS is a systematic approach to managing sensitive information in an organisation and ensuring that the company`s people, processes and IT systems are aligned to ensure that the highest level of security is practised and maintained at all times. It is awarded and enforced by the British Standards Institute (BSI) and the International Organisation for Standardisation (ISO).
"Unisys Africa underwent the certification process to provide our customers with peace of mind and the knowledge that confidentiality, integrity and availability of our corporate information and their vital customer information are ensured," says Dave Methven, director of Global Outsourcing and Infrastructure Services at Unisys Africa. "The certificate provides our customers with proof that they can be assured and confident that we are serious about doing business with them and absolutely committed to safeguarding their information."
In order to achieve the certification, Unisys Africa was initially required to ensure that a recognised trainer for the implementation and auditing of the standard trained its staff. A gap analysis was then performed and a risk assessment of the company`s assets undertaken to identify risks.
Based on these risks, a risk treatment was performed with the selection of control objectives of the standard. Finally, Unisys Corporation selected the British Standards Institute as the registrar for Unisys Africa. The certification process took 300 man-hours to complete.
"Already having an ISO 9001:2000 listing assisted enormously with collecting the required documentation for this particular certification process," Methven says. "To remain BS7799/ISO 17799 ISMS-certified, we are now required to perform ongoing training of the staff to ensure that their awareness and implementation of the Information Management System requirements remains consistently high. Regular internal audits have to be conducted by qualified auditors and our adherence to the standard, and effectiveness in applying its principles, must be reviewed often. Finally, risks must be continuously monitored and the `plan-do-check-act` cycle must be followed to mitigate any risk."
Share
Unisys is a worldwide information technology services and solutions company. Our people combine expertise in consulting, systems integration, outsourcing, infrastructure and server technology with precision thinking and relentless execution to help clients, in more than 100 countries, quickly and efficiently achieve competitive advantage. For more information, visit www.unisys.co.za.
Editorial contacts