“The open and honest relationship has enabled both Logica and bss to work as a single team to a single goal, providing demonstrable trust for citizens.”
Peter Calderbank, Chief Executive at bss
What bss Needed
Many clients who want to work with bss understandably want formal assurance that their information will be safe. bss had many practices and procedures to protect data, but wanted to achieve formal ISO/IEC 27001 certification. Doing this would improve their image as a trustworthy partner and create confidence by showing clients and the people using their services that keeping data secure was a priority.
The Challenge
bss potentially works with every citizen in England, Wales and Northern Ireland. It has to safeguard all their information, be it tax return queries or their healthcare information. ISO/IEC 27001 is comprehensive in its coverage of information security issues and contains many control requirements, some extremely complex. Compliance is a far from trivial task, even for the most security-conscious organisations. Full certification is even more daunting.
Our Answer
Working with bss, Logica looked at the technical, physical, personnel and procedural issues from an information security perspective. After detailed discussions with bss about their business model and possible problem areas, we began to analyse the security risk to bss by assessing the many different threats and vulnerabilities. The next step was to design a security solution and help with its implementation. Once that was done, we tied it neatly together with business continuity management and auditing.