Unisys centres certified to internationally recognised British standard

BSI Management Systems (BSI) has certified eight of Unisys`s managed services centres (MSCs) to the industry-coveted British Standard 7799 (BS 7799:2002).

The standard outlines criteria specific to information security management and focuses on areas such as security policy, physical and environmental security, access control and business continuity management.

After a formal review of Unisys security processes and facilities, BSI determined that three security operations centres (SOCs) and eight MSCs meet the stringent requirements mandated by BS 7799. Regularly scheduled reviews and audits will be performed to ensure that compliance is maintained.

The BS 7799 certification is in addition to the SAS 70 Type II (Statement on Auditing Standards No. 70, Service Organisations) audit, which the Unisys North American SOC passed earlier this year. SAS 70 is an internationally accepted standard that was developed by the American Institute of Certified Public Accountants.

Unisys is the first managed security services provider to obtain BS 7799 certifications across all its primary security operations centres. SOCs and MSCs awarded certification include Johannesburg, South Africa; Amsterdam, The Netherlands; Blue Bell (Philadelphia), USA; Bogot'a, Columbia; Milton Keynes (London), UK; Sao Paulo, Brazil; Sydney, Australia; and Wellington, New Zealand.

"The BS 7799 certification demonstrates a `best in class` approach to information security management within our global service delivery infrastructure," says Judy List, vice-president and managing partner, Services and Solutions, Unisys Global Outsourcing and Infrastructure Services.

"This approach enables us to support the secure business operations and visibility to security event management activities that our customers demand."

"BS 7799 is based on the most widely recognised security standard in the world," says Geoff Tuck, sales director, GOIS at Unisys Africa. "Although it was originally published in the mid-nineties, it was the revision of May 1999 that really put it on to the world stage. Ultimately, it evolved into BS EN ISO17799 in December 2000. ISO17799 is comprehensive in its coverage of security issues, containing a significant number of control requirements. Compliance with it is consequently a far from trivial task, even for the most security conscious of organisations."

BS 7799 certification also furthers customers` ability to show compliance with regulatory initiatives and recommended IT guidelines such as Sarbanes-Oxley, SAS-70, and CobiT that require strict adherence to recognised best practices in information security. This enables customers to demonstrate implementation of compliance measures within their daily operations, which could result in significant cost savings.

Dr Larry Ponemon, chairman and founder of the Ponemon Institute, says: "Certification of the Unisys managed services centres to the BS 7799 standard gives Unisys customers and partners confidence that the company has implemented the optimal safeguards for their IT environments and critical enterprise information."

The certification reflects Unisys ongoing investment in worldwide managed security and network services capabilities, which brings secure business operations to its clients. This includes the global deployment of an industry leading security information and event management system based on the latest versions of ArcSight ESM software, which enables central collection and analysis of data on security events from heterogeneous devices across an entire network, and a Web-based customer portal that includes an integrated security dashboard providing visibility to all of the security assets managed by Unisys on behalf of its customers.

Unisys continues to deploy methods to increase this visibility for its clients across the enterprise so they can manage risk more effectively and adapt quickly to new market opportunities.