- 1. Should we accept technology alone can protect? Andy Hodgson
BT Global Services 18 June 2008
2. Agenda for the next 20 mins
- BT's approach to Information Assurance
- Winning the people agenda
- Winning the investment agenda
- How to ensure merging of BT's approach to Information Assurance
and Business Assurance: why and how.
3. 4. 5. Strategic Objectives
- BT Transformation Objectives
- S&C End State Vision
- S&C Strategic Objectives
- Assurance & Accreditation
- Optimum Delivery Management
- Optimum Organisation
- End-to-End Risk Management
- Customer Experience
- Our Vision: 'Dedicated to helping customers thrive securely in a
changing world'
- Our Mission: 'Deliver world class and accredited security and business
continuity capabilities and services as part of the end-to-end
customer experience, in order to support BT in achieving its
corporate objectives securely'
6. Corporate Security & Continuity Group Services Design Operate
Market Facing Units Incident Management Strategy & Compliance Bid &
Contract Assurance Physical Asset Protection DSO Resilience Operating
Committee Leadership Group Senior Management Team Security &
Continuity Professional Community Geographies Systems & Networks
Systems & Networks This is a Pan-BT Function Key
7. The people agenda
- Think Risk, Bottom Line, Customer Experience
- Share what works (bin what doesn't)
- Impact on others
8. One community website
9. Protecting Information campaign
10. Protecting Information: the four themes
11. Security CBT revision
12. Engagement communications
- Blogs
- Newsletters
13. Celebrating success
14. Winning the investment agenda
- Redesign and re-launch of Bid Security & Certifications
Website.
- Development of a Security knowledgebase leveraging SANT
database.
- Q3 support bids valued in total of 2.25bn; Q4 support provided
to 3.87bn worth of bids (Q4 wins = 833m).
- Publicised Securing the Bid Environment Handbook to all major
bids included in the Win Business Process.
- Developed the Solution Design/Development Security Reference -
now included in the Win Business Process, BT Design, BT Wholesale
and BT Retail processes.
- BT holds 26 security certifications (ISO27001), others in
progress. BT is among the world leaders in ISO27001
certifications.
- Costly 3rd party audits (i.e. SAS70) have been avoided by
convincing Customers that BT's extensive security certifications
provide equivalence (saving of 360k).
Progress to date Bid Security and Certification (ISO27001)
Issues
15. Managing risk resilience for BT - Killer facts
Interactive PDF
16. Business Assurance
- Standard Solution for IT Service Management and ITIL
- Information Security - Portcullis
- Business Improvement tools and techniques (6-Sigma etc)
- Business Continuity Management
- SAS70 Financial Risk & Control
- Information Security ISO27001
- Business Continuity BS25999
- IT Service Management ISO20000
- 95% Right First Time in Customer Service by March 2009
- 6% per annum revenue growth
- Acquisition & Country Integration
- Recharge time / costs to Customer Projects
- Integrated Management System
- ISO9001:2000, 56 Countries
- ISO20000, 6 Major Contracts
- ISO27001, 26 International Sites
More for less
We're stronger together
17. Two for the price of one!
- ISO27001 Training started Q1
- Intensive one day course that delivers an introduction to the
ISO27001 standard for setting up an Information Security Management
System. Participants must pass an exam. So far 90 people have
attended this course. At commercial rates this has saved BT in the
region of 45k. We have another 70 waiting to attend.
- A recent Audit report on a Hosting Facility recommended the
completion of a SAS70 audit. The budgeted cost of this was $300k.
With the Hosting Facility and Audit proposed an alternative based on
ISO27001 certification. This has been agreed by all parties.
18. Why BS25999 certification - 2 for the price of 1
- To support the Win Bid Process with differentiation
- To meet specific contractual obligations
- To ensure that BS25999 is embedded in the organization's culture
and practice = right first time Customer Experience
- To drive BCM best practice
- To give our customers external assurance that BT takes business
continuity seriously
- To protect our customers and the BT brand
19. Key Issues