ISO27001 is an internationally recognised information security certificate that Kuflink has achieved by building comprehensive security procedures into our everyday operations. We have detailed how we protect personal records and sensitive information, as well as implementing thorough risk management systems.
In short, the ISO27001 certificate:
ISO27001 is a mature set of requirements that helps us plan for a wide array of potential threats, including cybercrime, data theft, data loss, data breaches, misuse of information, cyber attacks and virus attacks.
Our certification shows customers that they can trust us with their information. In some industries, companies will not select partners that do not hold the certificate, and it is often a requirement of governmental data-related contracts. Whilst we don’t work with the government, this example demonstrates just how seriously we take information security.
ISO27001 tells you that Kuflink understands its security risks and has a solid framework in place to handle them. Our organisation has provided evidence to prove this at our last audit, and will continue to do so going forward.
ISO/IEC 27001 requires that management:
Stage 1 is a preliminary, informal review of the ISMS, for example checking the existence and completeness of key documentation such as the organization’s information security policy, Statement of Applicability (SoA) and Risk Treatment Plan (RTP). This stage serves to familiarize the auditors with the organization and vice versa.
Stage 2 is a more detailed and formal compliance audit, independently testing the ISMS against the requirements specified in ISO/IEC 27001. The auditors will seek evidence to confirm that the management system has been properly designed and implemented and is in fact in operation (for example by confirming that a security committee or similar management body meets regularly to oversee the ISMS).
Stage 3 is the certification audit, which is usually conducted by ISO/IEC 27001 Lead Auditors. Passing this stage results in the ISMS being certified compliant with ISO/IEC 27001.
There are 114 controls in 14 clauses and 35 control categories.
What are they?
A.5: Information security policies (2 controls)
A.6: Organization of information security (7 controls)
A.7: Human resource security (6 controls, applied before, during or after employment)
A.8: Asset management (6 controls)
A.9: Access control (14 controls)
A.10: Cryptography (2 controls)
A.11: Physical and environmental security (15 controls)
A.12: Operations security (14 controls)
A.13: Communications security (7 controls)
A.14: System acquisition, development and maintenance (13 controls)
A.15: Supplier relationships (5 controls)
A.16: Information security incident management (7 controls)
A.17: Information security aspects of business continuity management (4 controls)
A.18: Compliance with internal requirements, such as policies, and with external requirements, such as laws (15 controls)
ISO 27001 is recognised internationally and is used by a variety of organisations, including non-profits, major corporations, boutique security firms, small e-tailers and even state and federal bodies. The standard comes from the ISO and IEC, two organisations that have made a name for themselves in standardisation as well as information security.
Both organisations came together to create a joint system for developing worldwide standards. The ISO and IEC have members from all over the globe who participate in standards development, and ISO/IEC standards have become the preferred credentials for manufacturers, IT companies and customers worldwide.
A copy of our certificate can be found here.