The company, which was awarded BS7799:2 certification in February, said it no longer has to produce detailed reports on the security of its systems for potential customers. "That would involve writing documents five or 10 pages long to describe the information they wanted and to tailor it to their specific area. For a typical large contract, it could be two weeks' work," said Peter Garfitt, TNT's security and audit manager.
TNT's findings offer a boost to the BS7799:2 standard. While widely respected among IT professionals, it has not been seen as a way for firms to reduce costs.
TNT believes it is saving about half an employee a year in report writing effort because clients are prepared to take BS7799:2 as evidence of its serious approach to security. But the real savings are harder to quantify, said Derek Liggins, TNT's datacentre manager. "If you have got good procedures you are going to be saving time investigating security incidents," he explained.
Many firms are put off by the cost and effort of achieving BS7799:2 certification, but TNT said the process is less difficult than it appears.