Lockheed Martin unit gets ISO 20000 certification
Defense giant Lockheed Martin has received an ISO 20000 certification for its government business, which complements its existing network security certification.
Lockheed Martin has achieved an industry technical certification that enhances the cybersecurity rating of its government business. In the wake of a recent cyberattack on its network, the company is working to assure its customers that its security protocols are top notch.
The ISO 20000 certification demonstrates that a firm follows best practices in IT management and follows evidence-based benchmarks to continuously improve its IT services. The firm received the certification for its Information Systems and Global Solutions business area. The new certification relates to the company’s Services Engineering centers of excellence and the support they provide to government customers.
More importantly, from a cybersecurity perspective, the ISO 20000 complements the firm’s ISO 27001 certification for information security compliance, said Mary Lynn Penn, director of Lockheed Martin’s Strategic Process Engineering division. This double-certification also puts Lockheed Martin in a relatively exclusive category. Only a handful of other U.S.-based firms and organizations have both an ISO 20000 and ISO 27001: Samsung Electronics (USA), The World Bank, Unisys, Verizon Business Network Services and Creative Computing Solutions Inc. (CCSi), according to Lockheed Martin.
Having the additional certification present means that customers are more secure in their operations, Penn said. For example, one review involved the Air Force’s 844th Communications Group located at Joint Base Andrews in Maryland, for which Lockheed Martin provides IT support. The 844th is responsible for providing enhanced communications reliability, survivability, information capabilities and user support in the National Capital Region for the Air Force District of Washington.
When the company conducted an audit of the 844th, the unit was already following all of the standards’ guidelines for information security. “We simply went in and asked them what they were doing,” Penn said.