SUNTONE[sm] Certification Gives Assurance To Customers Of Secure Services From Certified Service Providers

Singapore, May 13, 2002

IDC Asia/Pacific highlights the need for certification to address increasing security concerns in ASEAN & India region.

Sun Microsystems, Asia South, and Application Service Provider Centre (ASP Centre) announced today that SunTone[sm] certification is playing a crucial role in ensuring the delivery of secure services in the ASEAN and India region. Certified SunTone service providers such as FailSafe Corporation (Singapore) Pte Ltd, i-STT Pte Ltd, National Computer Systems Pte Ltd, and the recently certified Comsat Max Ltd in India, have benefited from their certification. This is especially significant in the area of security, which has received renewed emphasis from potential customers in evaluating and selecting outsourced applications and services.

"Security has always been a major consideration in any decision to outsource. Companies intending to do so want to have the confidence that the service providers are able to maintain the confidentiality, integrity, and availability of all that is entrusted to them," said Alfred Lie, Chief Operating Officer, ASP Centre. "The SunTone certification program focuses on quality service delivery with a strong emphasis on all aspects of security, including policy, procedures, and execution. By addressing the '3Ps' - People, Process, and Product - SunTone certified service providers are able to provide their customers with a secure environment for their systems and data."

A recent IDC survey of 50 Application Service Providers (ASPs) in Asia Pacific indicated that approximately 25% of them had sub-standard security, lacking fundamentals such as user authentication, virus protection, network security and firewall services.

Said Nicholas Yong, Market Analyst, IDC Asia/Pacific IT Services Research, "A breach in security represents a very real financial risk to businesses. What is also at stake is the company's reputation. It is, therefore, vital for ASPs to ensure their services are secure, not only to improve their own visibility, but also the visibility of the industry as a whole. IDC believes that SunTone Certification addresses the issues at hand, and has the potential to raise the bar on expectations of and fulfillment by ASPs, across a wide range of services, including security management."

Service providers that have achieved certification through the SunTone Certification and Branding Program in the ASEAN and India region found more customers demanding proof of security. This is in line with the changing needs of customers with regards to security.

"We manage technology infrastructure services for global multi-national corporations and large government-linked companies who demand quality services delivered on a highly secure basis. We are delighted to have achieved our SunTone certification that was awarded after an exhaustive audit by an independent 3rd party organisation, of our processes that support our outsourcing, hosting and business
continuity service offerings. Our customers now have further assurance that we can indeed deliver secure, scalable and continuously available service levels." said Mr. Lee J. Volante, Chief Marketing Officer, FailSafe Corporation (Singapore) Pte Ltd.

"As with all data center and outsourcing operations, physical and information security remain a key customer concern. Whilst i-STT believes it has implemented extensive processes and tools to reinforce security in these areas, the SunTone Certification confirms our belief and benchmarks us against industry best practices for security. As a third party audit, SunTone Certification also gives both customers and partners the assurance that their service provider of choice has met and exceeded expectations as audited and verified by a credible third party," commented Henry Cheung, Director of Technology and Head of Security, i-STT.

Said Mr Lau Soon Liang, Assistant Chief Executive, NCS, "As a customer-centric IT service provider, NCS addresses the security concerns of our customers on a day-to-day basis. Being SunTone certified has helped NCS provide an added assurance to our customers that their businesses are running on IT systems that are in safe hands. NCS supports this effort to raise the standard of service delivery in Singapore and the region."

* Source: IDC, The Financial Impact of Application Service Providers, 2002.

About SunTone and its Continued Emphasis on Security

The SunTone Certification and Branding Program was developed with the the aim to reassure customers that the service providers who are certified are trustworthy, and can provide a basic service level that will not put their data and business at risk. The SunTone Service Specification, developed based on guidelines outlined by the SunTone Architectural Council - a review group made up of more than than 80 senior technical experts from different industry powerhouses, covers a comprehensive set of requirements of service support and service delivery, of which security is a subset.

Using the specification, the member will review and perform a self-assessment. The required documentation will be submitted to an independent auditor for a final audit. The auditors will then recommend for a certification if all the criteria are satisfied.

The security subset attempts to ensure that confidentiality, integrity and availability of information, are preserved by enforcing systematic controls like:

Establish security goals, policy and procedures
Identify roles and responsibilities accountable for security reviews and audits
Conduct risk assessment and analysis
Establish access control, which covers, physical, network, data, hardware and software
Instill security in organization culture
Conduct security training and education
Evaluate and measure information security
Ensure authorized personnel for accessing information are always updated
Manage security audit logs
Manage customer reporting
Use of security monitoring tools
Establish plan to enhance security practices in the future
In order to ensure that the criteria are relevant to the ever-changing IT environment, the SunTone[sm] Service Specification is reviewed on a regular basis. Security will continue to be one of the key emphasis in the next release.

About FailSafe Corporation (Singapore) Pte Ltd

FailSafe Corporation (Singapore) Pte Ltd ("FailSafe") is a joint venture with equal participation between FailSafe Corporation Holdings Pte Ltd and Singapore Telecommunications Limited (SingTel). As a technology utility company, FailSafe delivers "on-tap", scalable, secure and continuously available computing solutions to businesses. Through our enterprise technology services of fullscale IT outsourcing, application and web hosting, collocation, business continuity, network management, managed storage, tape and data vaulting, and managed services, FailSafe provides resilient enterprise-wide solutions to companies regardless of the computing platforms or business functions they support.

More information about FailSafe and its services can be found at our web site at

About i-STT

i-STT is a leading provider of managed IT infrastructure services that help customers effectively manage their IT investments for optimal performance, continuous availability and immediate scalability. Leveraging on its world-class IP-based WEBCentre data centre facilities located in strategic business cities in Asia, i-STT offers an infrastructure outsourcing solution that combines the essentials of telecommunications, Internet connectivity and network access offered through its telecommunication community hub with application infrastructure services such as operations support, monitoring, managed security, managed platforms and outsourced enterprise messaging to support her customers' mission-critical servers, Internet and business applications and data. i-STT's managed IT infrastructure service capabilities and technical competencies are integrated with other value-added services under two business focuses: WEBCentre services and Global Network Services. The company markets and sells its services globally, and currently has in-country operations in Singapore, Bangkok and Shanghai.

For more information about i-STT and its services, visit

About National Computer Systems Pte Ltd

With a presence in ten locations over six countries across the Asia Pacific, National Computer Systems Pte Ltd (NCS), a wholly-owned subsidiary of the SingTel Group, is the region's leading information technology (IT) service provider. NCS helps its customers gain a competitive edge through the strategic implementation of IT. Its range of IT services encompasses development and integration, infrastructure and outsourcing management, consulting, training and education. Having established itself as a choice IT service provider in the Singapore public service sector, NCS has also enjoyed substantial success in the Education, Healthcare, Defence, Transportation and Logistics, Telecommunications and Financial Services industries. With a regional workforce of 2,400 dedicated professionals, NCS is well-positioned to engage in a long-term partnership to bring business value to our customers.

For more information, please visit

About ASP Centre

The Application Service Provider (ASP) Centre is a joint initiative of the Infocomm Development Authority (IDA), SUN Microsystems and the Nanyang Technological University (NTU), designed to help ASPs deploy new services quickly and cost effectively. Established under the Java Tarik 2 initiative for the purpose of ASP industry development, incubation and research, the Centre has formed partnerships and strategic alliances with technology and infrastructure providers to provide focused assistance to aspiring ASPs, ASP research and ASP industry development. ASP Centre is appointed by Sun Microsystems to be the auditing body for the SunTone Certification Programme in Asia South.

To know more about ASP Centre, please visit

Media Contact
Wendy Tang
NCS Pte Ltd
DID: +65 6556 5629

About NCS

NCS is a member of the Singtel Group and the leading information, communications and technology (ICT) service provider with presence in over 20 countries. NCS delivers end-to-end ICT solutions to help governments and enterprises realise business value through digital transformation and the innovative use of technology. Its unique delivery capabilities include consulting, applications development, systems integration, outsourcing, infrastructure management and portal solutions.