Sodexo wins information security certification

Sodexo's IS&T team, led by Helen Willington, Quality, PMO and Compliance Manager, achieved the certification for the company's Data Centre, which houses its computer servers, following nine months of detailed preparation for a rigorous assessment by the certification board, DAS. The certification assessor had to be satisfied that Sodexo's IS&T Data Centre management team was systematically analysing the business's information security risks; that a comprehensive suite of information security controls was in place covering technical, physical, process and people risks; and there was a strong security management organisation in operation to continually review information security requirements to meet the changing needs of the business and external threats. These controls include measures such as system access controls, strong password policies, laptop encryption, safely housing servers away from risk of fire or flood and ensuring web browsing guidelines are followed. Certification means that Sodexo, a leading food and facilities management provider, has the capability in managing sensitive, confidential data held as part of its involvement in contracts with, for example, Government departments, local authorities or NHS hospitals. Mark Mitchelson, chief technology officer, Sodexo, UK & Ireland, said: "This is a huge achievement for the IS&T team and puts us in a very good place in terms of servicing complex, data sensitive contracts. "Current and prospective clients are understandably becoming increasingly concerned with information assurance in the digital world. At Sodexo, we view it as essential that all means are used to maintain high security to protect information we hold electronically. IS0 27001 certification is a great endorsement of our expertise and puts us at the forefront of information security in the support services sector."