Saudi Arabia-based National Industrialization Company (Tasnee), a leading provider of industrial services, has achieved ISO 27001 and ISO 20000 certifications for information security and IT service management.

I(TS)2, another Saudi-based IT security company, helped Tasnee develop information security policies and procedures, IT service management function and enhance the maturity of its IT and Information Security policies and processes in order to achieve these ISO certifications, a statement said.

"ISO 27001 is well known internationally adopted standard in the world for information security,” said Abdulgader Al-Harthi, the IT manager at Tasnee.

“Information security is a major concern in today’s world and hence, Tasnee understands and recognises the need for information security.”

“ISO 20000-1:2011 is Service Management System standard that offers lot of benefits such as allowance of operational, tactical and strategic planning; provision of core customer-focused IT services and effective use of IT; improvisation of efficiency through better alignment with business objectives; and so much more,” he added.

ISO/IEC 27001:2005 covers all types of organisations and specifies the requirements for establishing, implementing, operating, monitoring, reviewing, maintaining and improving a documented Information Security Management System within the context of the organization's overall business risks.

It specifies requirements for the implementation of security controls customized to the needs of individual organizations or parts thereof.

ISO/IEC 20000-1:2011 meanwhile, is a service management system (SMS) standard. It specifies requirements for the service provider to plan, establish, implement, operate, monitor, review, maintain and improve an SMS.

The requirements include the design, transition, delivery and improvement of services to fulfill agreed service requirements.

Salman Ashraf, manager for Information Security Services at I(TS)2, said: "This was a strategic project for I(TS)2, as we integrated two international standards and helped Tasnee achieve certifications for ISO 27001 and ISO 20000 standards simultaneously.”

“ISO 27001 is an information security standard and ISO 20000 is an IT service management standard. In order to achieve our goals set forward, we worked closely with Tasnee to develop and implement these two international standards within a year,” he added.

In order to achieve the certifications, Tasnee had to upgrade its service management system including the service desk. The certification will further improve the efficiency of the process and performance of the employees.

"Implementation was smooth as it was team work and the Tasnee staff participated to make it a successful implementation,” added Ashraf.

“After implementation, we will provide continuous support through monitoring and improvement of the standards. We provide support on a periodic basis to make sure organisation is practicing what has been prepared and implemented. In addition, we will also provide assistance for surveillance audits," he concluded. – TradeArabia News Service