Shell to enforce e-security
Oil group Royal Dutch/Shell is considering imposing the information security standard BS7799 as a contractual obligation for...
Hazel Ward
As the first company to be accredited with the standard, Shell is renowned for its pro-active stance on information security. Shell, which buys goods and services worth $22bn a year, recently rolled out an e-procurement package and is trading electronically with 100 suppliers.



From forensic cyber to encryption: InfoSec17
Security technologist Bruce Schneier’s insights and warnings around the regulation of IoT security and forensic cyber psychologist Mary Aiken’s comments around the tensions between encryption and state security were the top highlights of the keynote presentations at Infosecurity Europe 2017 in London.
By submitting your personal information, you agree that TechTarget and its partners may contact you regarding relevant content, products and special offers.
You also agree that your personal information may be transferred and processed in the United States, and that you have read and agree to the Terms of Use and the Privacy Policy.
Shell is looking to impose BS7799 as a contractual obligation for its electronic trading partners, according to a source involved in developing BS7799 who is familiar with the oil giant's efforts to drive the standard forward.
"E-business has forced the issue. Anybody who trades with Shell will have to abide by BS7799. It's a case of 'you must abide by 7799 or you don't trade with us'," the source said.
Peter Goulding, information security consultant at Shell Services International, said BS7799 was not currently a prerequisite to trading electronically, but he did not deny it could become a contractual requirement at some point in the future.
"BS7799 is a core document [for IT security] within the group and is recommended to be used [in a contract] on a case by case basis," he said.
"Because we have BS7799 as a core element, it's automatically something which would be part of our state of mind whether we're dealing with trading partners or internally. It is part of the normal process of doing things," he added.
Last year only 37 firms in the UK were accredited with BS7799. It is unlikely that the majority of Shell's trading partners have gone through the costly and time consuming accreditation process.
Read more on IT risk management
-
Why businesses must think like criminals to protect their data
-
Security Think Tank: Use awareness, education and controls to halt cryptojacking
-
Security Think Tank: Awareness is a good starting point to counter fileless malware
-
Security Think Tank: Human, procedural and technical response to fileless malware
Start the conversation
0 comments