SLT Broadband grabs highest Int'l security standard
Sri Lanka Telecom [SLT], the country's number one telecommunication
service provider has been awarded the highest international information
security standard, BS 7799 / ISO 27001 certification for its island-wide
broadband network operations services including MPLS based IP VPN
services, ADSL services, Business DSL services and ISDN services.
SLT became the first company incorporated in Sri Lanka to achieve
this security standard being listed in the prestigious Information
Security Management System [ISMS] Registry
[http://www.iso27001certificates.com]. This certification (ISOIEC:
27001:2005) awarded to SLT's Internet Protocol (IP) and Broad Band (BB)
division from the International Organisation for Standardisation
recently.
It was the second division to receive this accreditation within SLT,
apart from the British certified BS7799
SLT Staff at the Network Operation Centre |
standard. Last year SLT data
centre also awarded the highest international information security
standard, BS 7799 / ISO 27001 certification to services which include
hosting of the client's data and provisioning of other services like Co
Locating, Dedicated Hosting, Virtual Hosting of Web, Database, e mail
and Managed Service.
"SLT is the only service provider to have received this
accreditation, and this is an important milestone for us. Customers are
very keen to understand how trustworthy an organisation is as their
business critical applications depend on the network and services that
are provided. Information is an asset, which like other important
businessassets, adds value to an organisation and consequently needs to
be protected.
Information security has three components - confidentiality, which
ensures that information is accessible only to those authorised to have
access, integrity, which safeguards the accuracy and completeness of
information and processing methods along with availability, which
ensures that the authorised user has access to information and
associated assets when required," Mr Priyantha Perera, Chief Marketing
Officer of SLT said.
The scope of receiving an international standard includes first
having to apply for it and the undergo many audits, which focusses on
how an organisation can handle the offering of a model for the
establishment, implementation, operation, monitoring of, reviewing,
maintaining and improvement of an Information Security Management
Systems (ISMS) as well as being used in order to access conformance by
interested internal and external parties.
The organisation is required to implement identified improvements in
ISMS, take appropriate corrective and preventive actions, maintain
communications with all stakeholders as well as validate improvements.
It also has to perform monitoring procedures, conduct periodic
reviews of ISMS for effectiveness, review level of acceptable and
residual risk and conduct internal ISMS audits at planned intervals as
well as Formulate and implement a risk mitigation plan and implement
controls selected to meet the control objectives.
Defining the scope and policy of ISMS, identifying and assessing the
risks, along with managing those risks through control objectives and
controls through the preparation of a statement of applicability are
also included within the scope. |