Macquarie Telecom has become the first Australian telecommunications and hosting provider to be certified by SAI Global to ISO 27001 Information Security Management Systems (ISMS). The three year certification is a new international standard designed to help global businesses secure their IT assets and infrastructure and replaces country specific standards for the local market.

It was developed in response to recent high profile credit card security breaches.

The most recent high profile case is the TJX Companies debacle where data on millions of customers had been exposed.

Payment card data involving transactions over an 18-month period between January 2003 and June 2004 had been compromised, as well as further transactions in 2005 and 2006.

An investigation has been launched to find out how intruders gained access to TJX's systems. More than 50 experts from IBM and General Dynamics have been hired by TJX to shore up security following the breach.

In response to the security disasters, governments and business are looking to regulatory compliance to put in place stricter controls.

Under the ISO 27001 standard, there is 135 controls which cover aspects of information security from physical access to network device control, password management, virus impact mitigation processes and managing security risks. Macquarie Hosting managing director, Aidan Tudehope, said regulatory compliance has driven higher IT security standards and the need for security certifications.

"The Sarbanes-Oxley Act has had a significant impact on the financial and legal reporting requirements placed on global businesses," Tudehope said.

"Managing risk associated with the security, reliability and accuracy of a company's IT systems is vital to comply with the Act. "For our customers, ISO 27001 provides a level of assurance that hosted databases, networks and operating systems meet best-practice standards for risk assessment, policy, training, audits, controls, information and communication." In addition to a two-stage certification process, ISO 27001 requires six monthly external audits to ensure ongoing compliance, in which senior management at the certified body sign against the level of risk identified in the audit process. Tudehope said the high level of management control is critical for its government and enterprise customers because it acts as an assurance that confidentiality, integrity and IT availability risks have been effectively managed. ISO 27001 replaces country specific security standards British Standard BS 7799 and Australia and New Zealand standard AS/NZS 7799.

Macquarie Hosting has been accredited to standards BS 7799 and AS/NZS 7799.

New research shows that more than 70 percent of Fortune 1,000 companies are increasing their security budgets to implement new systems and processes to meet regulatory and audit compliance requirements.