Quality & Security
Multinational organisations throughout the world depend on us for reliable, efficient, cost-effective transport of their valuable information resources. But, reliability is not enough; organisations want assurances that their information is secure. We have taken positive action to document our quality, integrity, security and reliability.
Corporate Quality Policy
SAS 70 Examination
Security Audits
We are committed to delivering consistently high levels of quality service worldwide. This commitment is aggressively supported by investments in hardware, software, support people and state-of-the-art tools. However, these investments alone cannot accomplish the high levels of quality we need. International telecommunications specialists around the world provide the experience and a professional "can-do" attitude that is the essence of our international service capability.
In June 1995, we began the effort to register our Global Network Services quality management system to the ISO 9002, 1994 standard. The quality management system was determined to be in compliance following the first certification audit on December 21, 1995. The registration audit was performed by Det Norske Veritas Certification, Inc. (DNV). The registration was accredited by the Dutch Council for Certification and is recognised internationally. Our Messaging Services operations in El Segundo, California, completed registration to the ISO 9001 standard on February 14, 1997. On February 19, 1999, we combined our Network Services and Messaging Services certifications into one ISO 9001 certification. On February 26, 2003, we were certified to the new ISO 9001:2000 standard. In August of 2003 we passed our first ISO 9001:2000 Surveillance Audit with no findings!
The scope of our Global Network Services registration includes our facilities in Chantilly, Virginia; El Segundo, California; Redditch, United Kingdom; Brussels, Belgium; Tokyo, Japan; and The Hague, The Netherlands. We have become the first global network provider to achieve ISO 9000 Registration. This achievement reflects the quality of our services and the expertise of our staff, and offers another reason for customers to confidently choose us.
The Quality Programmes organisation performs ongoing quality system audits and conducts customer satisfaction surveys. These programmes provide the organisation with continual performance feedback. Our executives regularly review these results to ensure that our quality systems meet customer requirements. Our ongoing commitment to high levels of service quality is reflected by our Quality Policy.
The Corporate Quality Policy
It is our policy to be the supplier of highly reliable and fully supported services that meet customer expectations. We will achieve this by understanding the needs of our customers, and by working together as a team to continuously improve our processes to incorporate these needs into our products and services.
We are committed to the daily pursuit of our quality goals and search for higher quality products and services. It is the responsibility of all our employees to ensure that quality remains the highest priority while performing every task.
SAS 70 Examination
In the same manner as quality, the security and outsourcing of external networks is a concern of multinational organisations, one that is often poorly understood and inflamed by media attention. Publicly traded organisations complying with the SEC's Sarbanes-Oxley Act of 2002 is changing the manner in which organisations are reporting their financials and the way they are managing their internal controls over their financial reporting activities.
The SAS 70 examination, is designed to provide information about the design and effectiveness of our internal controls for the benefit of our customers and the financial statement auditors of our customers. The annual detailed examination process includes a rigorous review of our critical management functions and procedures, as well as a detailed inspection of the physical and network security controls we maintain for our data centres across the world.
Our global network security and control structure is examined annually by independent auditors against the internationally recognised American Institute of Certified Public Accountants' Statement of Auditing Standards Number 70 (SAS 70) examination. SAS 70 is the authoritative guidance that enables service organisations to engage a Service Auditor to disclose their control activities and processes and the effectiveness of those controls to their clients in a uniform reporting format.
Control objectives are audited from a physical, logical and administrative perspective within the larger contexts of Information Security, Computer Operations, Systems Acquisition, Development and Maintenance, and Information Systems Support.
By conducting the annual SAS 70 examination, we secure an independent third party review of the effectiveness of our operational and security controls, and practices at achieving the stated control objectives that may be relevant to a user organisation's internal control as it relates to an audit of financial statements.
Security Audits
We have an on-going security audit process which takes a holistic and multi-disciplined approach to identifying and reducing information security risks on a continual basis.
Risks are addressed through a series of security controls that operate at many layers throughout the organisation, providing synergistic protection against threats to critical information and systems.
Through the use of technology, vulnerability assessments, intelligence analysis, and expert human support ensures basic Security controls are in place and functioning as intended to meet the constantly changing business needs and environment that impact critical information and systems.
We put Security in every byte
Multinationals today are leading the way in demanding unparalleled levels of connectivity within their organisations and to external businesses and customers. These connected business-to-business, client, partner, and employee communities require differing and often extremely high levels of security within complex global configurations.
Security is the prime ingredient in every solution we offer.
BT's Network: Designed with Your Security in Mind
As the world's largest globally managed private network, security on BT's network is unsurpassed. Data, voice, and multimedia traffic on the private backbone is carefully controlled and backed by service level agreements. With our unique virtual private network (VPN) architecture, your data is isolated from the Internet and perfect channel privacy is maintained between customers.
Network Management: Focus on Security
Our Network Security Services allow multinationals to run their mission-critical and delay-sensitive applications over a managed global network. All traffic not explicitly allowed is dropped. The management core is sealed. All traffic within the network is isolated within Nortel Frame Relay and Fore/Marconi ATM PVCs. Native IP is tunnelled within the environment. Even branch-office connectivity and dial-in access is tunnelled. On-the-road dial users have the extra option of using RSA SecurID one-time-password authentication to eliminate the danger of a lost or compromised password.
IVPN: Internet Reach with Private Network Security
We extend our security to our customers' B2B connections with our IVPN product offering. IVPN features reliable Cisco hardware encryption acceleration and provides secure encrypted data with IPSec technology and the integrity of Verisign PKI certificates.
Securing the Internet
Our Internet access points are protected by state-of-the-art Checkpoint Firewalls and Intrusion Detection installations. We make our expertise available to our customers by installing customer-unique firewalls and content filters via our Managed Firewall Services. And we provide our multi-tiered virus elimination suite to protect our Enterprise Email and Messaging customers.
Our People: Experts in Security
Even with all this advanced technology on hand, our people are our first line of defence, bolstered by a full-time CISSP and CISA certified InfoSec staff. Security training is mandatory, frequent, and ongoing. Our CERT team ensures global emergency response. We employ third-party ISO9001, SAS70 and security audit organisations to validate our global information security policies and procedures and to supplement our constant internal and Internet security audits.
In this time of exploding Internet business opportunities for multinationals, we offer solutions that bring our customers the bounty of the Internet, with Security in every byte.