Why opting for an information security management system
Bupa Arabia is part of Bupa Group which provides healthcare services for over 70 years to more than 30 million members in 190 countries by 80’000 employees.
In the ever more digitalized modern world, information technology has become an integral part of Bupa Arabia service offering. However, digitalization brings both opportunities and risks. Customers and stakeholders require high quality IT services and security measures that meet best international compliance practices in IT field.
To satisfy and exceed these expectations Bupa Arabia took the decision to implement ISO 20000-1:2018 (IT Service Management System) and ISO 27001:2013 (Information Security Management System) standards.
From implementation to certification by SGS
In 2021, the management system’s implementation process began. The first standard to be implemented has been ISO 20000.
One year later, Bupa Arabia invited SGS auditors to give an independent, expert assessment of the implemented data protection processes. As a result of the audit, Bupa Arabia received the certificate of conformity as a proof that their service management system has been compliant with ISO 20000 requirements.
Their next step was to implement ISO 27001 standard. Implementation took again around 1 year. In March 2023, after successfully completing the certification audit by SGS, Bupa Arabia was certified against ISO 27001.
"Achieving the two certifications is the result of a huge amount of effort and involvement from every member of Bupa Arabia IT team” says Mr Alfaisal Babaeer, IT and Digital - Executive Director at Bupa Arabia.
Training as a tool to ensure continuous improvement
Bupa Arabia team has been constantly challenging itself to improve their service and provide the highest IT service management, security standards and privacy.
With that in mind, they applied for a number of specialized training courses with SGS Academy in Saudi Arabia. During the period from March to July 2023, SGS delivered the following sessions for Bupa Arabia staff:
- ISO 20000 Lead Implementer Training
- ISO 27000 Lead Implementer Training
- ISO 27000 Lead Auditor Course
Another one, the ISO 20000 Lead Auditor Course, has been scheduled for November 2023.
Well-deserved celebration in Jeddah
A solemn event was organized at BUPA Arabia on 31 Augusts 2023 to Celebrate ISO 27001 and ISO 20000-1 certifications achievement as well as to praise those BUPA Arabia’s employees who have completed the SGS training courses in Spring-Summer 2023.
The event was attended by Mr Tal Nazer, Bupa Arabia CEO, Bupa Arabia CET Members, IT and Digital Executive Director, Mr Iqbal Ahmed Khan, Business Manager SGS Saudi Arabia, and Mr Atif Idrees, Assistant Manager Business Development, Knowledge Division at SGS Saudi Arabia.
We are committed to following a high-quality IT service management and consistent security management system at each level of our organization. Each team member plays his role in achieving the common goal – data protection.
Our team benefited from SGS audits on how to identify potential risks and vulnerabilities within our processes and systems. This allows us to proactively address these risks. That’s led to ongoing enhancements in processes, controls, and overall performance in Bupa Arabia.
Cybersecurity is of primary importance nowadays. With their commitment to information security management as per international standards, Bupa Arabia sets a benchmark for the healthcare industry to follow.
About SGS
We are SGS – the world’s leading testing, inspection and certification company. We are recognized as the global benchmark for sustainability, quality and integrity. Our 98,000 employees operate a network of 2,650 offices and laboratories, working together to enable a better, safer and more interconnected world.
Al-Jbeiha, Yajouz Street, Caracas Building, Entrance No1, 3rd Floor, Office 311,
11193,
Amman, Jordan