1. What Virgin Media Business does
2. What did Virgin Media Business need?
3. The pilot scheme & the training
4. How Virgin Media Business benefited from the training
5. The Next steps
What Virgin Media Business does
Virgin Media Business is the largest B2B company in the Virgin Group. Its unique £13 billion nationwide fibre-optic network is 186,000km long. This network is able to reach 85 per cent of businesses in the UK and the network is the digital heartbeat for over 1,500 corporate customers and over 30,000 public sector sites.
The company provides a range of business communications solutions including voice, connectivity and cloud and data centre services.
Virgin Media Business wanted a training programme designed to help staff gain an in-depth understanding of the ISO 27001 standard, an industry-wide set of information security standards. When we approached the team, their main concerns were generating awareness across the organisation (89 of their business units were in-scope), and ensuring buy-in from top-level management. Commitment from management is key to any certified management system and therefore essential to Virgin Media Business. The organisation wanted to increase its expertise and foster company-wide knowledge of ISO 27001 controls and process implementation. This knowledge was integral to their strategy to maximise customer opportunities with the Public Sector where there is focus on attaining defined levels of Information Security compliance. The business had limited time to train employees internally in the required skills, and wanted a fast and effective solution.
What did Virgin Media Business need?
Initially the business wanted to gain a deeper appreciation of the ISO 27001 standard.
Virgin Media Business generally books employee training programmes through its internal staff development team. However, because of the technical nature of LRQA courses and the need for tailored training to address its business needs, the company decided to work directly with LRQA on the content, and a technical call was scheduled to discuss challenges and requirements.
The LRQA Account Manager, working with Senior Project and Product Managers from Virgin Media Business, quickly identified that a tailored training programme was required, covering generic management systems, information on 27001, 224 and 334 compliance, and technical issues relating to the specific business units.
The courses were carefully tailored to the exact specifications required by Virgin Media Business in both course setup and delivery style. They felt that it was invaluable to have an Account Manager available to them with a wealth of industry experience and who could provide valuable insight into different ways to achieve their goals.
The project began with a pilot scheme
The pilot scheme included 2 sessions with a group from the Business Security Operation Centre (BSOC). This business unit has the most day-to-day involvement with Information Security from a customer perspective and was heavily involved in delivering the security compliance services of Virgin Media Business.
The initial training was reviewed and amendments made prior to the roll out across the remaining business units.
“Working with LRQA gave us effective, efficient training that was custom built to meet our needs.
The engagement and experience demonstrated by the LRQA Account Manager before and during the running of a pilot scheme was invaluable to us” – Andrew Biddlecombe
The training designed for Virgin Media Business was an introduction to NGN 224 and ISO 27001. It was delivered across a wide spectrum of employees. Over 40 training sessions were delivered in locations nationwide, to several hundred people over a 30-day period. The employees trained were representatives from all parts of the organisation, from administration through to senior managers who were involved in the NGN 2-2-4 and ISO 27001 certification processes.
Virgin Media ran a number of tailored awareness training sessions to improve the flexibility and skill set across the organisation. The objective of this initial training was to inform employees of their specific security responsibilities and how these affected the organisation's objectives.
For example: The business needed to gain certification in order to meet clients’ needs and to protect existing business, whilst enabling future business growth in line with its aggressive targets for the Public Sector.
The training was extremely successful in supporting Virgin Media Business to achieve its NGN 2-2-4 and ISO 27001 certification. Feedback from the course delegates was always positive. The highly interactive style of teaching ensured that everyone was fully involved in the sessions and had a better understanding of the requirements. This proved useful and effective when bringing the training back into the workplace. The transition of roles and responsibilities of the attendees has been seamless.
“LRQA delivered training that was equivalent to a Savile Row tailored suit” – Ashley Sax
How Virgin Media Business benefited from the training
Virgin Media Business employees quickly gained a greater understanding of the company requirements for compliance and the significance of the engagement process with its business units. They also gained a high level of understanding of the workings of the standard, helping to ensure the future of the business’ certification level.
With an intensive training programme they achieved their certification goal. The introductory appreciation training ensured that employees had a good understanding of the standard and their roles in achieving certification, while also making them aware of the organisation's very aggressive timescale to achieve certification.
The biggest benefit to the organisation was that staff from across the business were trained who could take responsibility for, and understand, the requirements placed on them by the certified Management System.
“What we needed was a consistent approach to identifying and assessing assets and risks across the business – this was achieved through the delivery of the bespoke training” – Andrew Biddlecombe
The Next steps
Virgin Media Business now has ISO 27001 and NGN 2-2-4 certification, and ensuring employee appreciation of the security requirements on an ongoing basis is vital. It is a requirement of its existing certification that awareness is maintained throughout the organisation.
Current ISO 27001 Implementation courses and ISO 27001 Lead Auditor courses will continue. There are plans to undertake further awareness training, auditor training and other bespoke sessions to ensure the continuity of the approach.
“With LRQA’s help we have built a good framework for the future. LRQA Training’s Account Managers’ understanding of our environment and business needs was invaluable. Their experience and understanding of our organisation was significant in helping us to achieve our goals against a very aggressive timeline” – Andrew Biddlecombe
24 May 2013