Feb 07 2012

A successful ISO27001 cert case study and benefits rendered

Category: ISO 27k | DISC @ 11:39 am

Check out the ITG site for details

London Pensions Fund Authority (LPFA) achieves ISO27001 and ISO14001 certifications six months ahead of deadline

The London Pensions Fund Authority (LPFA), based at Royal Mint Court, London, is today announcing a remarkable achievement in standards compliance. A leader in the provision of pension administration for the Local Government Pension Scheme, and with its own pension fund worth £4.1bn, LPFA is leading the way in the City of London by recently becoming certified to the ISO27001 Information Security and ISO14001 Environmental Management System standards – six months ahead of project schedule, and with a near-perfect score.

These prestigious awards are the culmination of a fast-track project supported by professional services firm IT Governance, a leader in international standards compliance and best practice, serving clients in the UK public and private sectors.

In the highly competitive global market for pension fund administration, cost-effectiveness and efficiency are vital components for success. LPFA is, therefore, a cost-conscious and well-run organisation, but also one that is aware of its responsibilities when it comes to protecting the security of data and taking a leadership position in improving the organisation’s environmental impact. For these reasons, the LPFA Board adopted international standards and achieved compliance with the ISO27001 Information Security and ISO14001 Environmental Management Standards.

For LPFA, Les Higgs, LPFA’s Programme and ICT Manager, comments: “Our thanks go to IT Governance, whose consultant, Nick Orchiston, enabled us to achieve certification in record time, and – on a personal note – to Lauren McHugh, who has worked so diligently to inform and successfully engage our colleagues at LPFA. The results speak for themselves: after rigorous assessment, the BSI auditor found only three minor non-conformities in the implementation of two weighty international standards. They certificated LPFA to ISO27001 and ISO14001 standards on our first attempt, six months ahead of our project completion date.”

Mike Taylor, LPFA’s Chief Executive, said: “I am delighted that LPFA has managed to achieve ISO accreditation six months ahead of deadline. Key elements, such as enhanced data security and environmental considerations, have become part of life across the whole organisation. This accreditation should give confidence to all Fund members and clients that their information is in good hands. The process had total commitment from the project team, IT Governance and all staff, and it was this that led to a successful implementation.”

For IT Governance, Steve Watkins, Director, Training & Consultancy, said: “ISO27001 compliance, when approached correctly, provides clear commercial benefits. The risk-based approach means that it is the sensitive information – for example, personal information, bank details, contracts and other confidential material – which is appropriately protected, thereby minimising the risk of reputational damage and providing reassurance to clients, whilst also ensuring the information is available as and when it is needed. Further, certification to ISO27001 demonstrates to clients, staff and stakeholders that the organisation has a systematic approach to managing the security of information, considering the implications of people, processes and technology. We believe that by adopting this standard and seeking accredited certification, financial companies can demonstrate their commitment to respecting clients’ sensitive data.”

The certification pathway to ISO27001 involved extensive risk management evaluation, business resilience planning and ensuring data security standards set by client companies are met and exceeded by delivering industry-leading IT protocols. LPFA will be independently inspected every six months to ensure it is up to speed with the latest data protection and industry requirements – with strong and effective measures to help to protect confidential data and prevent fraud.

The ISO14001 Environmental Management System has helped LPFA to be more environmentally friendly, providing managers with guidance on how to measure consumption and reduce waste. An effective programme to reduce, re-use and recycle has produced top and bottom line benefits by making tangible cost savings, reducing environmental impact and enhancing the organisation’s environmental credentials, winning more business: a fact demonstrated by LPFA’s success in securing commercial tenders as a result of the organisation’s certification in 2011.

IT Governance offers an integrated professional services approach to standards adoption, project development and compliance. The UK-based company provides consultancy advice, coaching and mentoring, knowledge transfer, training programmes and an extensive range of documentation toolkits, software, e-learning and self-help publications designed to speed up compliance projects.


Check out the comprehensive ISO 27001 ISMS Toolkits from IT Governance
