ISO/IEC 27001 ISMS

CASE STUDIES & SUCCESS STORIES

Every success story here is a by-product of hard work and dedication by both Maximus and our esteemed clients: doing the unthinkable, with a great deal of effort and endurance, to achieve a common goal, which is to establish governance that will drive profitable performance of the organization.

Reuters

Reuters, started in the 1980s, grew rapidly over the last 20 years; it is the largest financial news agency and owns the largest private network in the world. Reuters' headquarters in Docklands, UK, had tried to initiate the ISMS, but all that was achieved was a set of global information security policies.

George Wang, Regional Security Manager of Reuters Asia, decided to take up the challenge by seeking ISMS certification. He chose Maximus for its security experience, superb track record and customer testimonial references on our commitment and dedication.

Reuters, being a 150-year-old company at that time, had a lot of legacy baggage. Maximus put considerable effort into identifying the issues and rectifying or working around them in stride. Together with the commitment from the client, Maximus managed to stick tightly to the timeline to achieve ISMS certification.

With the resounding success of ISMS certification in Singapore, many other sites volunteered to be part of the ISMS program. Maximus later helped 3 sites in the USA to obtain certification the following year, and implemented a site in the UK and another one in Hong Kong. This completed the ISMS certification for all Reuters head-end data centres worldwide.

Besides the regular benefits of ISMS, Reuters in particular reaped the following benefits:

1. Promotion for the Initiator.

  • The regional security manager gained much political clout through this initiative; the ISMS gained so much attention that Reuters Asia became well known to the board of directors in the UK.
  • The regional security manager was last promoted to joint Global CISO and has established a risk and control team to manage the ISMS program worldwide.

2. Consolidating uncoordinated work practices into one common process.

  • Reuters is technically made up of 4 companies with 6 processes through rapid mergers and acquisitions. Although there were many disputes regarding the adoption of a common process, Maximus managed to convince the teams to adopt a common process with reference to the ISMS standards.

3. Global Operations, Global Coordination.

  • Reuters' business is global, and all planning and escalation are centralized. Maximus has helped build a centralized governance program to manage information security through a local, regional and global ISMS hierarchical structure.

Hewlett Packard (HP)

Hewlett Packard (HP) Outsourcing is the 2nd largest Business Process Outsourcing (BPO) provider in the world, and in 2005 it faced a dilemma: get ISMS certified for its service provisioning or have its outsourcing deal terminated by a global customer. Time was short, as the HP consulting team had already tried to implement ISMS for them for more than a year.

With only 5 months to go before losing the contract, HP had no room to make any mistakes. They approached Maximus for assistance through strong recommendations from Singapore Telecommunications Limited. Due diligence was soon conducted by US counterparts to review Maximus' methodology and technology.

With the strong commitment from the management and Maximus' proven methodology and technology, the ISMS framework was quickly assembled and delivered within a short 4.5 months. HP managed to obtain its certification status within the 5-month ultimatum from the client. Following the strong success in Singapore, Maximus was offered the implementation of the ISMS program across Asia Pacific Japan, namely Malaysia, Australia, Japan and India.

Within the next year, all sites were ISMS certified and using a common framework across Asia Pacific Japan. HP EMEA took notice of the consistent approach and decided to adopt Maximus' information security risk management framework that year. Due diligence was then done in Germany, and within the next 2 years the whole of HP EMEA had adopted Maximus' methodology and technology. After HP EMEA's adoption, HP USA followed suit.

Besides the regular benefits reaped, HP in particular reaped the following benefits:

1. Common Audit Framework.

  • Maximus has created a single ISMS framework that is used globally. This allows HP to set up a compliance team to perform cross internal audits, an activity that helps the team to be better coordinated in terms of delivery and security levels.

2. Reduced TCO for ISMS Management.

  • With big cost-cutting initiatives, HP staff have been grounded from time to time; Maximus' technology has allowed them to retain quality in risk management and to perform it without having to meet physically.
  • With the adoption of Maximus' advisory on document hierarchy structure, HP has managed to deliver its services through a common set of processes.

3. Walk the Talk.

  • “Global Delivery” is the slogan used by HP to indicate that HP can deliver out of any country at the same service delivery level with security in place. Maximus is glad to be part of the important component that helps HP achieve the spirit of global delivery.
  • With the strong commitment and dedication of HP personnel, all ISMS personnel involved literally walk the talk, being able to articulate themselves well in terms of information security.

Singapore Telecommunications Limited (SingTel)

Singapore Telecommunications Limited (SingTel) EXPAN was one of the late players in the managed hosting services market in 2002. They were desperate because they needed some news coverage to get customers quickly. Instead of spending marketing dollars to promote their services, they decided to adopt ISMS standards, since there was talk about them but no players had implemented them yet.

However, they had their fair share of problems: this managed hosting service was enabled through Hewlett Packard. If the agreement fell through, all intellectual property originating from Hewlett Packard would be withdrawn and, technically, SingTel EXPAN would be left with nothing to operate except an empty data centre space.

Maximus was engaged to implement ISMS together with BCM for both the Singapore and Hong Kong sites concurrently. They found Maximus through recommendations from Sony Electronics Singapore, its credibility as a pioneer in the ISMS standards, and RiskClipper's ability to propagate methodology across Asia Pacific consistently.

Upon certification, the customer experienced the following:

1. Ownership of Intellectual Property.

  • Through the ISMS initiative, Maximus has helped SingTel EXPAN to create a knowledge base of ‘know-how’ from Hewlett Packard. This enabled SingTel EXPAN to become independent of Hewlett Packard services within three years. Today, Hewlett-Packard only provides minimal backend support.

2. Key differentiator from other Data Centre players through certification standards.

  • While the ISMS implementation was in progress, the sales team used this initiative as their marketing highlight, which helped boost their sales by 400%. Today EXPAN has expanded into 3 major sites since the initial certification.
  • Through the implementation of the standard, EXPAN has gained customer confidence and credibility in their services.

3. Strong Management System Foundation.

  • With a robust business continuity management framework in place, EXPAN needed only minimal modification to seek certification in SS/507, a Singapore standard for providers of BC/DR services, and SS/540, a Singapore standard for business continuity management.

SONY

Sony Electronics Singapore divides its IT operations into East and West, where Singapore is positioned as the hub for the entire Asia Pacific (outside Japan) and the USA as the hub for the West. With all factories and stores connecting into the hub, Sony Electronics needs to provide security assurance to these factories and stores, and to demonstrate its competency to Japan.

It should be noted that, at that time, Sony encouraged all related companies to use internal services but did not mandate it. Hence, Sony Electronics Singapore decided to take up the ISMS initiative as a key differentiator: to demonstrate capability to all Sony-related companies, to set a standard regionally and internationally, and to gain customer assurance in the services provided.

Additionally, network virus attacks had been a common occurrence within Sony, and the problem could not be eradicated permanently. They needed to use ISMS to enhance the overall security in the operations of the Sony Asia Pacific e-hub, as well as to foster security awareness throughout the entire organization.

Maximus was engaged by Sony Electronics for 3 reasons, namely security experience, experience in information security management, and local support for the implementation team. Upon certification, the customer experienced the following:

1. Reduced Downtime savings of more than 300%.

  • A major incident occurred, and what would normally take 8 hours of recovery took Sony only 6 hours to recover. Computing the potential revenue loss against the consultancy cost invested, Sony experienced savings of more than 300%.

2. More systematic in prevention of security breaches and more prepared.

  • With an exhaustive risk management program introduced, Sony managed to discover the cause of the virus attacks and other areas of weakness, obtained management support and patched the problems at the root.

3. Good results from corporate audits.

  • Corporate audits came shortly after to determine their compliance level against SOX requirements; the results were outstanding, and this shows the comprehensiveness of Maximus' system.

4. First to be certified; Model for the rest.

  • At the time of certification, Sony did not have a functional information security policy. Today, Sony corporate has adopted the information security policy from Sony Electronics Singapore, further improved it and re-published it at the global level.
  • Good corporate results have demonstrated the usefulness of ISMS and today, more than 4 Sony-related companies have followed suit to seek ISMS certification.
