ROCHESTER, N.Y. -- Xerox Corporation (NYSE: XRX) has achieved ISO/IEC 27001 certification for its LNK_NR_Document_Imaging and hosted repository operations, resulting from the company's continuing efforts to secure the integrity of business-critical information for customers such as Enterprise Rent-A-Car and other major companies.

ISO/IEC 27001, a global industry standard created by the International Organization for Standardization and the International Electrotechnical Commission, validates service organizations that maintain a sound and secure information management system. Introduced in October 2005, the standard is an upgrade to the British Standards Institution's BS7799-2 certification, which Xerox previously held.

Xerox received ISO/IEC 27001 certification for three facilities:

  • The Xerox Imaging Services Center in Hot Springs, Ark., which processes about 1.2 million document images a day.
  • The Xerox Document Services Hosting and Repository Center, near Rochester, N.Y., which hosts and manages customers' business data.
  • The Xerox Global Knowledge and Language Services operation in Webster, N.Y., which produces and manages documentation for customers' products, sales and services.
"The ISO/IEC 27001 certification demonstrates that customer information security is a top priority for Xerox, as it has upgraded when the international standards body has upgraded," said Gene Roth, director of corporate purchasing for Enterprise Rent-A-Car, which, among other things, has all rental agreements scanned and stored online by Xerox. "The development, implementation and ongoing monitoring of processes to mitigate information security risk is clearly as important to Xerox as it is to us."

ISO/IEC 27001 certification is achieved through a rigorous independent audit of a service organization's technology, processes and people. The certification validates that Xerox has met compliance policies and guidelines for securely managing proprietary customer information. Xerox's imaging and repository operations were evaluated by the Information Security Management Systems International User Group.

From scanning and indexing hardcopy documents to securely storing and managing those electronic files in a hosted repository, Xerox's document imaging and repository services can make difficult-to-reach data accessible and searchable. As increasing regulation continues to dictate how records are processed and stored, such services can benefit companies in a range of industries. For example, healthcare organizations must maintain strict records retention policies to ensure compliance with the Health Insurance Portability and Accountability Act of 1996 (HIPAA). Certifications like ISO/IEC 27001 provide added confidence that patient records will remain secure and private.

"Security isn't a 'nice to have' in today's information management arena; it's a must," said John Ciulla, vice president, Business Process Services, North America Operations, Xerox Global Services. "Staying up-to-date with the latest industry security standards gives our customers the peace of mind that their data is not only accessible when it is needed but that potential risks are mitigated."

ISO/IEC 27001 is the latest accreditation earned by Xerox's imaging and repository operations. In 2005, Xerox was presented SAS 70 Type 1 certification for its Rochester and Hot Springs operations. Xerox also plans to seek ISO/IEC 27001 certification for the remainder of its imaging and repository facilities around the globe.

About Xerox Global Services
LNK_NR_GlobalServices_Site provides document management solutions to leading companies around the world. With revenue in excess of $3 billion and over 15,000 service professionals who deliver consulting and outsourcing services, Xerox Global Services optimizes assets in the office, streamlines document-driven business processes, and improves efficiency in high-volume print production centers.

-XXX-