ISO 27001 is an international standard with global recognition that gives organisations a clear framework to follow for their Information Security Management System (ISMS), it is also a business enabler.
Infomentum is very proud to achieve the internationally recognised certification of ISO 27001 in February for the second consecutive year. The certification has confirmed our compliance to the standard with no non-conformities identified.
ISO 27001 goal is "to provide a model for establishing, implementing, operating, monitoring, reviewing, maintaining and improving an Information Security Management System (ISMS)."
Through the year we carried out internal audits to identify potential security risks and continuously improve our policies and practices to maintain high standards of information security management.
Our implemented ISMS has been praised by an independent auditor from the British Assessment Beaureau for being exceptionally well organised and practical to use. This has been achieved by building it as a system integrated with our other existing management systems, thus simplifying the flow of information between Security, Operations and IT departments.
The main benefits of certifications
- Secured assets – we have implemented the security practices that are required to prevent security breaches not only on our internal assets but also assets of our customers
- Business continuity – we are well prepared to act in the event of things going wrong.
- Minimised risks - the continuous assessment of potential risks on confidentiality, integrity and availability of all resources and information assets has driven Infomentum to implement effective procedures and controls, which now permeate our business, avoiding excessive bureaucracy and not compromising our “agile” way of working.
- Standardisation and automation - a big portion of the ISMS over the past year has been in the Continuous Improvement area. ISO 27001 best practices have driven our IT team to implement strategic changes, in terms of standardisation and automation, which will help us grow as a business and will give our customers and prospective customers the confidence their assets are in safe hands.
- Customer satisfaction - with the recent advent of GDPR, it is also key that we demonstrated to have taken appropriate measures to ensure that all personal information we hold or process on suppliers, customers and individuals is protected, accurate and up to date, and that we have taken sufficient steps to prevent data from falling into the wrong hands, all the way through the chain of our own suppliers.