Our company has received ISO 27001 certification for information security management which is compliant with all laws and regulations regarding the management of information security threats including potential risks, vulnerabilities and attacks.
The international standard ISO/IEC 27001:2013 defines the requirements for the implementation and continuous improvement of an Information Security Management System, in organizations and businesses of any size and field of activity, that want to secure their data (financial, know-how, employee data, information which they exchange with third parties).
The requirements
ISO/IEC 27001 with 114 control points and system management requirements specifications, covers the following areas: information security policies, information security organization (roles, responsibilities), staff information and training, IT infrastructure management (PC, servers, etc.) , physical and logical access, encryption policies, physical security and security environments, IT systems security, systems development and maintenance, communications security, vendor relations, security incident management, business continuity management, regulatory and legal understanding and compliance.
The benefits
ISO 27001 certification demonstrates the organization's commitment to:
- to protect the interests of the organization and the trading parties
- in meeting regulatory and legislative requirements
- in the immediate response to information security incidents
- in implementing policies that ensure the integrity, confidentiality and availability of information
