SLT Broadband grabs highest Int'l security standard

Sri Lanka Telecom [SLT], the country's number one telecommunication service provider has been awarded the highest international information security standard, BS 7799 / ISO 27001 certification for its island-wide broadband network operations services including MPLS based IP VPN services, ADSL services, Business DSL services and ISDN services.

SLT became the first company incorporated in Sri Lanka to achieve this security standard being listed in the prestigious Information Security Management System [ISMS] Registry [http://www.iso27001certificates.com]. This certification (ISOIEC: 27001:2005) awarded to SLT's Internet Protocol (IP) and Broad Band (BB) division from the International Organisation for Standardisation recently.

It was the second division to receive this accreditation within SLT, apart from the British certified BS7799

 standard. Last year SLT data centre also awarded the highest international information security standard, BS 7799 / ISO 27001 certification to services which include hosting of the client's data and provisioning of other services like Co Locating, Dedicated Hosting, Virtual Hosting of Web, Database, e mail and Managed Service.

"SLT is the only service provider to have received this accreditation, and this is an important milestone for us. Customers are very keen to understand how trustworthy an organisation is as their business critical applications depend on the network and services that are provided. Information is an asset, which like other important businessassets, adds value to an organisation and consequently needs to be protected.

Information security has three components - confidentiality, which ensures that information is accessible only to those authorised to have access, integrity, which safeguards the accuracy and completeness of information and processing methods along with availability, which ensures that the authorised user has access to information and associated assets when required," Mr Priyantha Perera, Chief Marketing Officer of SLT said.

The scope of receiving an international standard includes first having to apply for it and the undergo many audits, which focusses on how an organisation can handle the offering of a model for the establishment, implementation, operation, monitoring of, reviewing, maintaining and improvement of an Information Security Management Systems (ISMS) as well as being used in order to access conformance by interested internal and external parties.

The organisation is required to implement identified improvements in ISMS, take appropriate corrective and preventive actions, maintain communications with all stakeholders as well as validate improvements.

It also has to perform monitoring procedures, conduct periodic reviews of ISMS for effectiveness, review level of acceptable and residual risk and conduct internal ISMS audits at planned intervals as well as Formulate and implement a risk mitigation plan and implement controls selected to meet the control objectives.

Defining the scope and policy of ISMS, identifying and assessing the risks, along with managing those risks through control objectives and controls through the preparation of a statement of applicability are also included within the scope.