Talking Business Continuity

Audatex UK

In a global first, Audatex UK has achieved simultaneous certification from BSI to the new standard for BCM, BS 25999, as well as the established standard for information security, ISO/IEC 27001.

Summary

One of the leading players in the international insurance claims business has achieved a global first by gaining simultaneous certification to two important risk-related management system standards.

Partnering with BSI Management Systems, the global leader in management systems certification, Audatex UK has achieved certification to the international standard for information security, ISO/IEC 27001, and the new standard for business continuity management, BS 25999.

Background

Audatex is the UK’s market-leading provider of computerised insurance estimating and claims management solutions. It works with insurers, bodyshops and motor manufacturers to resolve insurance claims speedily and effectively.

The company, which is based in Theale, Berkshire, is part of the global Solera group of companies which delivers innovative solutions to customers in over 50 countries, across six continents.

Drivers

The company’s IT Services Director, Ross McEleny, said: “There were strong business drivers for certifying to both standards and we were really keen to demonstrate to all our stakeholders and clients our proactive approach to the adoption of best practice for business continuity and information security management. We made the bold decision to become the first global organisation to simultaneously certify to both.”

What was involved?

To assist with the rigorous assessment, Audatex worked with Ultima Risk Management (URM), a company that specialises in providing consultancy services in information security and business continuity management.

The project started with risk assessments. Explains Lisa Dargan, Business Development Director of URM: “With BS 25999, senior managers are asked how long they believe the business can survive without certain critical activities and with ISO/IEC 27001, it is about assessing the impact of an information security breach - involving either a loss of confidentiality, integrity or availability. Having assessed business impacts we then looked at the risks which could lead to these impacts and hamper the recovery process.”

Paula Robinson, Information Security Manager and the Project Champion from Audatex, believes this exercise was invaluable: “There were no real surprises with either of the two risk assessments, but both provided a collective perspective which had never been done before and allowed us to prioritise our risk strategy.”

One of the key issues identified by both risk assessments was single points of failure, which led Audatex to put in place more detailed documentation of procedures and knowledge transfer activities. Measures were also taken to provide greater resilience around services and information provided by third parties. Additionally, new suppliers now undertake due diligence activities. The assessment also highlighted that access control needed to be tightened, so the company introduced new proximity access cards for staff and implemented a lock-down computer screen policy to improve security.

Benefits

While achieving certification for two standards presented some tough challenges, one benefit was the implementation of an integrated management system across the company. This complements the company’s implementation of a Sarbanes-Oxley control framework and the adoption of ITIL (IT Information Library) and an ITSMS (IT Service Management System) within its customer service and IT functions. All follow the same principles of procedural documentation, accountabilities, and strong audit trails.

Julian Thrussell, BSI Management Systems UK’s Product Manager for Risk Standards, comments: “Audatex's early decision to combine the implementation of both standards significantly reduced the time overheads involved. The ability of BSI to supply trained assessors to combine parts of the assessment was also beneficial.”

Thrussell continues: “Audatex’s senior management engagement and support added a real impetus and drive, which was visible to the assessor from the start. On occasions a company stands out in its approach and success and Audatex can be justifiably proud of what it has achieved.”

Last word

“As a global provider of claims solutions we operate at the highest level in terms of information security and business continuity,” says Paul Tucker, Managing Director, Audatex UK. “Being the first company in the world to simultaneously attain certification to both the ISO 27001 and BS 25999 management system standards is an important achievement; underpinning our continuous improvement strategy and demonstrating our ability to lead the way by adopting internationally recognised business standards.”

Meanwhile Julian Thrussell was impressed by the high level of management support for the certification process during the six-month programme, and the enthusiastic response from staff at all levels. This has been strengthened by ensuring that new members of staff go through both a BS 25999 and an ISO/IEC 27001 awareness session as part of their induction process.

He concludes: “This is a fantastic achievement. It would have been commendable for any organisation to achieve either of the standards, but to do the two together is a considerable accomplishment.”
