Sterlite Technologies’ ISO 9001 certification gave its customers quality assurance, but the company needed a stamp of security. Enter ISO 27001.
- Why Sterlite decided to take the ISO 27001 project live at all its factory locations at the same time
- How the CIO ensured comprehensive yet interesting security training for the business users
Sterlite Technologies is India’s only fully-integrated producer of optical fiber, telecommunication cables, and power transmission conductors. Sterlite Technologies operates in 10 countries, and more than 25 percent of national power grids in India run on Sterlite conductors. The company’s customer list features six of the top 10 telecom giants, and its products connect over 75 countries. Sterlite’s net worth stood at Rs 1,148 crore in FY 2012.
The Business Case:
Sterlite’s plant in Aurangabad already had an ISO 9001 certification, and that ensured its customers high standards in production processes and high quality. But with 45 patents in its kitty and some of the largest telecom and power operators banking on its products, Sterlite realized it had to strengthen its information security standards as well.
“Since we operate in global markets and service a lot of global clients, it was important for us to standardize and strengthen our information security practices,” says Prasanth Puliakottu, CIO, Sterlite Technologies.
Puliakottu wanted to create a comprehensive framework which included all aspects of production and processes, including information security. That was because commitment to information security was a prerequisite for many of Sterlite’s clients.
Right from the time of receiving an order till the time of delivering the final product, Sterlite performs numerous quality checks to fulfill client requirements regarding information security and ensure standardized procedures. The process was tedious and time-consuming, and there was always the fear of missing a step that could cost the company a lot—sometimes, to the extent of losing a client.
Puliakottu realized that an ISO 27001 certification would cement the fact that Sterlite took information security seriously. He roped in Sunil Pawar, Sterlite’s CISO, and the heads of different LOBs to create an ISO 27001 framework.
Puliakottu and his team spent around 18 months creating an information security and process standardization framework. This framework covered even the most basic yet often neglected data security practices, such as never leaving paper used during work hours unattended.
The Challenges:
Both Pawar and Puliakottu spent the first three months on initial preparations and on creating a standard ISO 27001 framework. This included external audits, risk assessment, profiling, and closing gaps in processes. But when the time for implementation came, some strategic calls had to be made.
With four plant locations and offices scattered across India, Puliakottu had to figure out a way to conduct security training and implement policies at all locations. The real challenge was completing the entire process in as little time as possible.
“It took us totally 15 months to go live at all locations. Individually, each plant would have taken about eight months instead of 12, but the collective time frame would have been larger as well,” says Puliakottu.
Another challenge was to get employees enthused and serious about security. “We realized that information security in itself is a boring topic and people might not be enthusiastic to attend training sessions,” says Pawar.
However, the duo had other plans. Puliakottu roped in the HR team and initiated a fresh round of training in various enterprise applications for employees. The security guidelines were plugged into these training sessions as part of the larger scheme of things. Just the kind of sugar-coated pill the employees needed.
The impact of the newly acquired certification on Sterlite’s image wasn’t hard to see. Notably, the company finalized a deal with a UAE-based customer within just a few days of acquiring the certification.
“Earlier, the client would come with a checklist and conduct an audit before signing a deal with us. Now, almost 90 percent of the general questions on most checklists are automatically answered because we adhere to ISO 27001,” says Puliakottu.
He expects that as a result of this, Sterlite will be able to generate about Rs 100 crore more than what it would have earlier made over a stipulated period of time.
Having assured quality and security for its customers, Sterlite Technologies can now expect to connect more countries.