Lanware, technology partner to the financial world, is pleased to announce that it has recently achieved ISO 27001 – the industry standard for Information Security Management.
As an outsourcing provider it was important that Lanware could demonstrate to all its financial services clients that its business and IT services were absolutely secure.
Lanware focused on finding a mature and internationally recognised solution that would bring information security directly under management control. The ISO 27001 standard was selected and Lanware reached out to industry experts IT Governance to assist in its implementation across the business.
“In partnership with IT Governance, we carefully developed our own Information Security Management System which supports the provision of IT services to the Financial Services sector. For us it’s been just as much about good business practice as security, and we have tried throughout to focus on the context of our organisation and the level of assurance required by our clients,” says Henry Duncombe, Director of Lanware.
To achieve the ISO standard, Lanware had to assess all areas of potential risk across the business. This assessment showed that many of the existing physical, environmental and technical security controls were in line with industry expectations and that the focus needed to be more on areas such as the internal organisation of security and the consistent application of new policies and procedures.
“For any company thinking of outsourcing to a services provider, the issue of the data security offered by their prospective partner should be a primary concern,” explains Duncombe. “At Lanware we do not shy away from the fact that we present a potential risk to our clients. We are a critical link in the supply chain and by recognising that risk and dealing with it effectively, we put ourselves in the best position to build trust and stronger relationships.”
As a result, Lanware has developed new controls. Examples include robust procedures to report and resolve information security incidents, access control policies, third party management and periodic security awareness training for every member of the Lanware team. Uniquely, Lanware established a secure Administration Access Zone (AAZ) to control the administration of client systems. All administration tasks carried out by engineers must be completed from a secure server, with sessions continuously recorded using a virtual CCTV system. This reduces the risk of any unauthorised changes to client systems, provides stronger access control and offers an easy audit trail for any problem investigations.
Tony Drewitt, Head of Consultancy for IT Governance, said: “We are pleased to have helped Lanware achieve ISO 27001 certification. Our risk consultant provided regular on-site and remote support to integrate Lanware’s controls into a structured and harmonised ISMS. We also provided supporting documentation, training and internal audit. Lanware was a great project to work on, as there was commitment and hands-on involvement from the senior management team throughout the implementation with input and ownership from the business operational teams. It was evident that there was significant investment in information security, with the implementation of technology and supporting processes, that ensured the on-going effectiveness of the ISMS and resulted in the successful certification.”
By meticulously going through this process Lanware has tightened up internal security controls to go above and beyond the requirements of ISO 27001. The business has taken the ethos of security embodied in the standard and extended it across the whole company, developing its core culture and thereby ensuring that it will adapt and evolve to continually protect Lanware’s business and that of its clients.