ISO 27001 is the de facto standard for information security management systems with more than 40,000 organisations certified world wide as of 2018 with an annual growth rate of around 20%. It is an international standard that details requirements for establishing, implementing, maintaining and continually improving an information security management system (ISMS) – the aim of which is to help organizations make the information assets they hold secure.
ISO 27001 focuses on establishing a sustainable information security management system reflecting risks to client data in terms of confidentiality, integrity and availability and aligning with industry best practice. While not prescriptive it is thorough in its categorisation of potential controls.
A useful primer to this can be found at: https://www.isms.online/iso-27001/requirements-controls.
Maintaining accreditation requires internal audits and external audits by an independent certifier at least annually which ensures that the system continues to improve and adapt and is applied effectively. Failures to fulfil what is required by the ISO 27001 standard, ISMS policies and procedures or the third party auditor result in non-conformance being identified and reported. Unresolved in a timely manner these prevent retaining certification to the standard.
Also important to note - ISO27001 share many similarities with SOC 2 (https://www.tugboatlogic.com/blog/iso27001-soc2-certification-similarities)
The scope of the ISMS is the key differentiator for data platform solutions.
This is very important as the responsibility for security should not stop at just the provision of a software by a supplier - leaving the heavy lifting of a security system to the client or worse, with unclear ownership or responsibilities.
As ICS offers a fully hosted and managed solution, we are proud to confirm that the scope of our ISMS fully covers client data and the capacity to securely deliver our solutions - ICS ATHENA and ICS FUSE - to clients to support their collection, management, processing and distribution of this data.
You need to have confidence that your data is fully protected.
Comments