Doha Bank boosts security

Doha Bank has achieved BS 7799 certification for its IT security. The ISO 17799 standard covers both implementation and management methodologies.

By Matthew Southwell. Published June 29, 2004

Doha Bank has achieved BS 7799 certification for its IT security. The ISO 17799 standard covers both implementation and management methodologies at the Qatari finance house and ensures its security adheres to global best practices. The project was carried out by the bank’s IT department in conjunction with ICICI Infotech’s information security & consulting group.

The technology team was selected to oversee the drive for BS 7799 certification due to its knowledge of the subject matter and its work on related projects. “The IT department initiated the bank’s initial IS governance and information security projects. While we were working on these projects we thought of extending the scope to achieve BS 7799. Thus IT continued to lead the project,” explains UVK Kumar, head of IT at Doha Bank. “Additionally the security awareness was much higher in IT than other sections of the bank,” he adds.

In order to establish what Doha Bank required to obtain BS 7799 certification, the IT team carried out a gap analysis study. From there, the scope and objectives were agreed upon and communicated to the project team and senior management. At the same time, the technology team began work on a security policy document covering best practices and how they related to Doha Bank.

In terms of technology, the Qatari finance house deployed a range of solutions to meet the exacting ISO standard. These included duress alarms, employee ID cards, a centralised CCTV camera monitoring system with motion detection and a centralised door access system. These systems were replicated across all Doha Bank branches and supported by physical security guards and regular drills, which cover fire alarms and equipment testing.

While the technical aspects of Doha Bank’s security drive were simply a case of sourcing the correct solutions and implementing them, the human side took more work as the security policies needed to be effectively communicated to staff.
“The challenge was to orient all employees on security to make them aware of the policies and procedures [needed] to tackle any security incident or unexpected event,” says Kumar.

To ensure widespread buy-in, the IT team first ensured the project had the support of senior management. According to Kumar, the entire initiative was sponsored and steered by top management. Further momentum was given to the project through the creation of a cross-functional project team.

Part of the team was made up of trainers who were, and still are, responsible for running security awareness workshops. During these classes, staff have the security policies explained to them and are told why they are so important. At the end of each session, attendees are asked to sign a declaration form stating that they will comply with the bank’s security policy.
