Andy Hodgson

1
(No Transcript)
2
Should we accept technology alone can protect?
Andy Hodgson
VP, BT Global Services Business
Resilience,Security Business Excellence
3
Should we accept technology alone can
protect?Andy HodgsonBT Global Services18 June
2008
4
Agenda for the next 20 mins

• BTs approach to Information Assurance
• Winning the people agenda
• Winning the investment agenda
• How to ensure merging of BTs approach to
  Information Assurance and Business Assurance
  why and how.
• Key issues going forward

5
(No Transcript)
6
(No Transcript)
7
Strategic Objectives
BT Transformation Objectives
SC End State Vision
SC Strategic Objectives
Assurance Accreditation
Customer Experience
Optimum Organisation
End-to-End Risk Management
Optimum Delivery Management
8
Security Continuity Professional Community
Corporate Security Continuity
Resilience Operating Committee
Senior Management Team
Leadership Group
Group Services
Market Facing Units
DSO
Incident Management
Bid Contract Assurance
Strategy Compliance
Geographies
Design
Operate
Physical Asset Protection
Key
Systems Networks
Systems Networks
This is a Pan-BT Function
9
The people agenda
Think Risk, Bottom Line, Customer Experience
Share what works (bin what doesnt)
Impact on others
10
One community website
11
Protecting Information campaign
12
Protecting Information the four themes
13
Security CBT revision
14
Engagement communications
Newsletters
Blogs
15
Celebrating success
16
Winning the investment agenda
17
Managing risk resilience for BT - Killer facts
Interactive PDF
18
Business Assurance
Were stronger together

• BS25999

• Quality Management
• Standard Solution for IT Service Management and
  ITIL
• Information Security - Portcullis
• Business Improvement tools and techniques
  (6-Sigma etc)
• Business Continuity Management
• SAS70 Financial Risk Control
• Commercial Imperatives

• ISO9001 2000 56 Countries
• ISO20000 6 Major Contracts
• ISO27001 26 International Sites

• Single Instance Audit
• Technology Based Audit
• Acquisition Country Integration
• Recharge time / costs to Customer Projects
• Integrated Management System

• Information Security ISO27001
• Business Continuity BS25999
• IT Service Management ISO20000

• 95 Right First Time in Customer Service by March
  2009
• 15 EBITDA by March 2010
• 6 per annum revenue growth

More for less
19
Two for the price of one!

• ISO27001 Training started Q1
• Intensive one day course that delivers an
  introduction to the ISO27001 standard for setting
  up an Information Security Management System.
  Participants must pass an exam. So far 90 people
  have attended this course. At commercial rates
  this has saved BT in the region of 45k. We have
  another 70 waiting to attend.
• ISO27001 vs. SAS70
• A recent Audit report on a Hosting Facility
  recommended the completion of a SAS70 audit. The
  budgeted cost of this was 300k. With the Hosting
  Facility and Audit proposed an alternative based
  on ISO27001 certification. This has been agreed
  by all parties.

20
Why BS25999 certification - 2 for the price of 1

• To support the Win Bid Process with
  differentiation
• To meet specific contractual obligations
• To ensure that BS25999 is embedded in the
  organizations culture and practice right
  first time Customer Experience
• To drive BCM best practice
• To give our customers external assurance that BT
  takes business continuity seriously
• To protect our customers and the BT brand

21
Key Issues
22
(No Transcript)