Shell to enforce e-security

As the first company to be accredited with the standard, Shell is renowned for its pro-active stance on information security. Shell, which buys goods and services worth $22bn a year, recently rolled out an e-procurement package and is trading electronically with 100 suppliers.

Download this free guide

From forensic cyber to encryption: InfoSec17

Security technologist Bruce Schneier’s insights and warnings around the regulation of IoT security and forensic cyber psychologist Mary Aiken’s comments around the tensions between encryption and state security were the top highlights of the keynote presentations at Infosecurity Europe 2017 in London.

Start Download

• Corporate E-mail Address:

  You forgot to provide an Email Address.

  This email address doesn’t appear to be valid.

  This email address is already registered. Please login.

  You have exceeded the maximum character limit.

  Please provide a Corporate E-mail Address.

By submitting my Email address I confirm that I have read and accepted the Terms of Use and Declaration of Consent.

By submitting your personal information, you agree that TechTarget and its partners may contact you regarding relevant content, products and special offers.

You also agree that your personal information may be transferred and processed in the United States, and that you have read and agree to the Terms of Use and the Privacy Policy.

Shell is looking to impose BS7799 as a contractual obligation for its electronic trading partners, according to a source involved in developing BS7799 who is familiar with the oil giant's efforts to drive the standard forward.

"E-business has forced the issue. Anybody who trades with Shell will have to abide by BS7799. It's a case of 'you must abide by 7799 or you don't trade with us'," the source said.

Peter Goulding, information security consultant at Shell Services International, said BS7799 was not currently a prerequisite to trading electronically, but he did not deny it could become a contractual requirement at some point in the future.

"BS7799 is a core document [for IT security] within the group and is recommended to be used [in a contract] on a case by case basis," he said.

"Because we have BS7799 as a core element, it's automatically something which would be part of our state of mind whether we're dealing with trading partners or internally. It is part of the normal process of doing things," he added.

Last year only 37 firms in the UK were accredited with BS7799. It is unlikely that the majority of Shell's trading partners have gone through the costly and time consuming accreditation process.