Shell to enforce e-security

As the first company to be accredited with the standard, Shell is renowned for its pro-active stance on information security. Shell, which buys goods and services worth $22bn a year, recently rolled out an e-procurement package and is trading electronically with 100 suppliers.

Shell is looking to impose BS7799 as a contractual obligation for its electronic trading partners, according to a source involved in developing BS7799 who is familiar with the oil giant's efforts to drive the standard forward.

"E-business has forced the issue. Anybody who trades with Shell will have to abide by BS7799. It's a case of 'you must abide by 7799 or you don't trade with us'," the source said.

Peter Goulding, information security consultant at Shell Services International, said BS7799 was not currently a prerequisite to trading electronically, but he did not deny it could become a contractual requirement at some point in the future.

"BS7799 is a core document [for IT security] within the group and is recommended to be used [in a contract] on a case by case basis," he said.

"Because we have BS7799 as a core element, it's automatically something which would be part of our state of mind whether we're dealing with trading partners or internally. It is part of the normal process of doing things," he added.

Last year only 37 firms in the UK were accredited with BS7799. It is unlikely that the majority of Shell's trading partners have gone through the costly and time consuming accreditation process.