 Ashok Leyland wins BS 7799 Certification
 Commercial vehicle major and Hinduja Group flagship, Ashok Leyland, has become the first auto manufacturer in India to receive the world-renowned BS7799 certification for its Information Security Management System (ISMS). Ashok Leyland's Data Center at Ennore (EDC) - the system headquarters of the company - has been certified by Standardisation Testing & Quality Certification (STQC) Directorate, a globally-recognised certifying authority of the Government of India, under the Ministry of Information Technology. At a function in Chennai on June 11, S L Sarnot, director general, STQC Directorate, Ministry of Communication & Information Technology, handed over the certificate to Ashok Leyland managing director R
Seshasayee.
Sarnot complimented Ashok Leyland for its initiative in this regard.
"Information is an asset, which, like other important business assets, adds value to an organisation and consequently needs to be suitably protected. In line with Ashok Leyland's tradition of embracing best practices, we went in for this certification, otherwise not a pre-requisite for a manufacturing company," said Seshasayee. "Apart from identifying and minimising security threats, the certification is a tremendous credibility and confidence booster to our global partners and stakeholders," he added.
Seshasayee said the company had invested over Rs 100 crore in IT in the last three or four years. ''In the future, we will invest more," he said, declaring that "we will develop infrastructure to reach global standards."
He said it was important that security systems be of the topmost quality since there were many clients which shared data or designs with Ashok Leyland and would not want security to be breached. Also, it should be understood that information will be the differentiator in business approach. A massive exercise is on in the company to understand customers, their needs and requirements and assess value-drivers.
N Mohanakrishnan, SO - Information Technology and Knowledge Management, Ashok Leyland, said the BS7799-2:2002 certification compliance recognises the organisation's defined security policy, risk assessment and risk treatment plan, selection of controls for identified risks and audit (including technical reviews like ethical hacking, vulnerability assessment, network review). BS 7799 is a standard specified for ISMS, which allows senior management to monitor and control information security, minimise residual business risk and ensure that security continues to fulfil corporate, customer and legal requirements. It forms an integral part of an organisation's internal control. Already, international tender invitations are starting to require BS 7799 compliance.
Ashok Leyland embarked on this initiative in November 2004 and the certification was cleared in the very first review. It is significant to note that this was achieved entirely with in-house talent and expertise, with guidance and training by STQC, Mohanakrishnan said. The company now plans to expand the scope of the certification to other locations on a modular basis, spread over a period of 2-3 years.
STQC, a division of the Department of Information Technology, Government of India, provides cost-effective intemational-level assurance services in quality and security to Indian industry and users. STQC is the first accredited as 7799 ISMS certification body in India that offers certification services under accreditation from RvA, Netherlands.
|
