13 August 2010
ISO 27001 certification: a driver of growth and a success story of an Italian SME
LUIGI BRUSAMOLINO, CISM, CRISC, Managing Director Southern EMEA - BSI
NICOLA MASSERONI, Head of GRC - FabbricaDigitale
The British Standards Institution 2010
Who is BSI? 10 Fast Facts
Founded in 1901
Global independent business services organization
No owners/shareholders: all profit reinvested into the business
Standards, assessment, testing, certification, training, software
National Standards Body in the UK
#1 certification body in the UK and USA
>2,500 staff, >50% non-UK
52 offices located around the world
80,000 clients in 147 countries
222.8m revenue in 2009
What we do
Set innovative standards that are used throughout the globe
Provide all the information and training relating to standardization that businesses need to succeed in their competitive markets
Businesses rely on us to keep improving the way they run, with good management processes and enterprise solutions
Independently test and verify products and services to ensure that they are up to the job in terms of performance, specification and safety
Every day, worldwide, people use and rely on goods and services that have been designed, certified, tested or verified by BSI.
Operations in 147 Countries
Global Presence: 52 Offices Worldwide
Monza, Padova, Roma (2012)
London
Washington
Beijing
Mexico City
Sao Paulo
New Delhi
Singapore
Sydney
OUR SERVICES
Our portfolio of services
Assessment and Certification
Training
Governance, Risk and Compliance
Testing services
Healthcare Services
BSI Assessment and Certification: A Global Market Leader
Leading global certification body with over 69,000 certified locations and clients in over 140 countries
A leader in the training, assessment and certification of:
Information Security: ISO/IEC 27001
IT Service Management: ISO/IEC 20000
Business Continuity: BS 25999
Quality: ISO 9001
Environmental Management: ISO 14001
Aerospace: AS9100
Health & Safety: OHSAS 18001
Energy Management: BS EN 16001/ISO 50001
BSI Assessment and Certification
What we do:
Information and guidance
Assessment and gap analysis
Second- and third-party auditing and verification
Certification
Continual assessment and strategic reviews
Business improvement tools, performance benchmarking and software solutions
BSI methodology
BSI Training
We offer various types of training including:
Awareness Training
Implementation Training
Auditor Training
Our delivery options:
Public training courses
In-house training courses
e-learning courses
(Customer journey diagram: Awareness Training, Implementation Training, Auditor Training)
AIEA BSI Agreement 2011
BSI Governance, Risk & Compliance (GRC): Entropy Software
A turn-key solution that provides the management system framework for fully functional, integrated and auditable management systems including:
Environmental Management: ISO 14001
Health & Safety Management: OHSAS 18001
Quality Management: ISO 9001
Information Security Management: ISO/IEC 27001
Supplier Compliance Management (C-TPAT & AEO)
and other management systems standards
What is Entropy Software?
Entropy Software is a web-delivered solution which builds a fully functional and auditable environment that can integrate effective management with governance, risk and compliance.
BSI Testing Services: Products
KITEMARK CERTIFICATION
c. 400 Kitemark schemes in the fire, construction, electrical, personal safety, transport and services sectors, including the new Energy Reduction Verification
c. 2,500 Kitemark licence holders
CE MARKING
CE marking is required to sell or transport many products in Europe
BSI is a Notified Body for 15 EU Directives
Not a quality mark, but a legal requirement for many products in Europe
PRODUCT TESTING
Manufacturers sometimes just want to test their product at the R&D stage, and BSI can test to a manufacturer's specification as well as to British, European and International Standards
Direct testing results in a highly valued BSI Test Report, not a certification licence
ISO 27001 facts and future trends
World Market and BSI share, ISO 27001 (2009 ISO Survey)
(Chart: total ISO 27001 market vs. BSI certificates, 2004-2009; vertical axis 0 to 12,000 certificates)
CAGR of the market: 31%
Last-year market growth: 40%
BSI current share: 59%
STRICTLY CONFIDENTIAL
Other 27000 standards in development
ISO/IEC 27007 - Guidelines for information security management systems auditing (2011)
ISO/IEC 27008 - Guidance for auditors on information security management systems controls (2011)
ISO/IEC 27010 - Information security management for inter-sector and inter-organizational communications (2012)
ISO/IEC 27013 - Guidance on the integrated implementation of ISO/IEC 20000-1 and ISO/IEC 27001 (2012/2013)
ISO/IEC 27014 - Information security governance (ISG) framework (2012/2013)
ISO/IEC 27015 - Information security management guidelines for financial and insurance services (2012/2013)
ISO/IEC 27032 - Guidelines for cyber-security (2012/2013)
ISO/IEC 27033 - Information technology - IT network security (6 parts; 5 parts to follow 2010-2012)
ISO/IEC 27034 - Guidelines for application security (2012/2013)
ISO/IEC 27035 - Information security incident management (2012/2013)
ISO/IEC 27036 - Guidelines for security of outsourcing (2012/2013)
ISO/IEC 27037 - Guidelines for identification, collection/acquisition and preservation of digital evidence (2012/2013)
ISO/IEC 27038 - Specification for digital redaction (2013)
Future trends in Information Risk / Governance?
Government move towards shared services
Cloud computing (SaaS)
Greater outsourcing / off-shoring
Increased use of mobile working
Consumerisation
Growth in use of social media
Proliferation of unstructured content (> need for e-discovery)
Heightened regulatory oversight (new privacy / DP directives)
Societal response to the surveillance state (biometrics)
Future areas for standardisation
Cloud Computing (new ISO/IEC Study Group):
ongoing review of current concepts, characteristics, definitions, types and components used in Cloud Computing
comparison of Cloud Computing to related technologies
mapping of existing consortia activity
Report (expected to identify new pieces of work for standardization) due in September 2011
BSI/RSM Survey 2011