Should we accept technology alone can protect? Andy Hodgson BT Global Services 18 June 2008


1. Should we accept technology alone can protect? Andy Hodgson BT Global Services 18 June 2008

2. Agenda for the next 20 mins

  • BT's approach to Information Assurance
  • Winning the people agenda
  • Winning the investment agenda
  • How to ensure merging of BT's approach to Information Assurance and Business Assurance: why and how.
  • Key issues going forward

3.

4.

5. Strategic Objectives

  • BT Transformation Objectives
  • S&C End State Vision
  • S&C Strategic Objectives
  • Assurance & Accreditation
  • Optimum Delivery Management
  • Optimum Organisation
  • End-to-End Risk Management
  • Customer Experience
  • Our Vision: 'Dedicated to helping customers thrive securely in a changing world'
  • Our Mission: 'Deliver world class and accredited security and business continuity capabilities and services as part of the end-to-end customer experience, in order to support BT in achieving its corporate objectives securely'

6. Corporate Security & Continuity

[Diagram labels: Group Services; Design; Operate; Market Facing Units; Incident Management; Strategy & Compliance; Bid & Contract Assurance; Physical Asset Protection; DSO; Resilience; Operating Committee; Leadership Group; Senior Management Team; Security & Continuity Professional Community; Geographies; Systems & Networks. Key: This is a Pan-BT Function.]

7. The people agenda

  • Think Risk, Bottom Line, Customer Experience
  • Share what works (bin what doesn't)
  • Impact on others

8. One community website

9. Protecting Information campaign

10. Protecting Information: the four themes

11. Security CBT revision

12. Engagement communications

  • Blogs
  • Newsletters

13. Celebrating success

14. Winning the investment agenda

Progress to date: Bid Security and Certification (ISO27001)

    • Redesign and re-launch of Bid Security & Certifications Website.
    • Development of a Security knowledgebase leveraging SANT database.
    • Q3 support bids valued in total of 2.25bn; Q4 support provided to 3.87bn worth of bids (Q4 wins = 833m).
    • Publicised Securing the Bid Environment Handbook to all major bids included in the Win Business Process.
    • Developed the Solution Design/Development Security Reference - now included in the Win Business Process, BT Design, BT Wholesale and BT Retail processes.
    • BT holds 26 security certifications (ISO27001), others in progress. BT is among the world leaders in ISO27001 certifications.
    • Costly 3rd party audits (i.e. SAS70) have been avoided by convincing Customers that BT's extensive security certifications provide equivalence (saving of 360k).

Issues

    • Limited resource

15. Managing risk resilience for BT - Killer facts (Interactive PDF)

16. Business Assurance

  • Quality Management
  • Standard Solution for IT Service Management and ITIL
  • Information Security - Portcullis
  • Business Improvement tools and techniques (6-Sigma etc)
  • Business Continuity Management
  • SAS70 Financial Risk & Control
  • Commercial Imperatives
  • Information Security - ISO27001
  • Business Continuity - BS25999
  • IT Service Management - ISO20000
  • 95% Right First Time in Customer Service by March 2009
  • 15% EBITDA by March 2010
  • 6% per annum revenue growth
  • Single Instance Audit
  • Technology Based Audit
  • Acquisition & Country Integration
  • Recharge time / costs to Customer Projects
  • Integrated Management System
  • ISO9001:2000 - 56 Countries
  • ISO20000 - 6 Major Contracts
  • ISO27001 - 26 International Sites
  • BS25999

More for less. We're stronger together.

17. Two for the price of one!

  • ISO27001 Training started Q1
  • Intensive one day course that delivers an introduction to the ISO27001 standard for setting up an Information Security Management System. Participants must pass an exam. So far 90 people have attended this course. At commercial rates this has saved BT in the region of 45k. We have another 70 waiting to attend.
  • ISO27001 vs. SAS70
  • A recent Audit report on a Hosting Facility recommended the completion of a SAS70 audit. The budgeted cost of this was $300k. With the Hosting Facility and Audit, an alternative based on ISO27001 certification was proposed. This has been agreed by all parties.

18. Why BS25999 certification - 2 for the price of 1

  • To support the Win Bid Process with differentiation
  • To meet specific contractual obligations
  • To ensure that BS25999 is embedded in the organization's culture and practice = right first time Customer Experience
  • To drive BCM best practice
  • To give our customers external assurance that BT takes business continuity seriously
  • To protect our customers and the BT brand

19. Key Issues