The ISO 27001 certification was created to make companies, their assets, their customers and employees more reliable by getting all participants to work together in the same direction and offering good computer security practices and recognised procedures.
It is true that within companies and their Information Systems (IS), there are often a variety of points of contact such as employees, service providers, partners, and customers.
Does locking your vehicle securely when you leave it in a car park seem obvious to you? When managing an IS, situations can be much less clear. The business vision of the different participants, their constraints, and their personal involvement are all biases that can lead to a lack of coordination and communication within your IT projects.
Even when they are fully involved and responsible, people will undoubtedly take very different actions when faced with the same situation. The ISO 27001 standard is there to mitigate this and to help make your IT projects a success.
The ISO 27001 standard: What is it?
ISO/IEC 27001 is an international information system security standard. Published in October 2005 and revised in 2013, it is part of the ISO/IEC 27000 series and certifies organisations.
It lists a set of inspection points to be respected to ensure the ISMS (Information Security Management System) is relevant and to allow it to be used and adjusted.
ISO/IEC 27001 certification is carried out on a three-year cycle marked by the initial audit, surveillance audits and the renewal audit.
The benefits of ISO 27001
The ISO 27001 standard brings many benefits, although it may take a long time to be certified. As this standard is intended for all types of organisations (NGOs, administrations, commercial enterprises), it is difficult to present all the benefits, but, overall, ISO 27001 was designed to provide:
- A practical and detailed description of the implementation of the objectives and security measures,
- A regular audit that allows monitoring of the risks initially identified, the measures taken, and new or updated risks,
- A framework and a strong focus on IT security including:
- A continuous improvement process for security,
- Better control of risks,
- Reduced use of security measures that have no purpose,
- A certification that builds trust with stakeholders,
- An international reference document that standardises and fosters discussion, especially for multi-site businesses,
- A simple, low-cost process,
- Clear and reliable indicators as well as financial steering elements for executive managers,
- Faster and more efficient identification of the risks and related costs.
As you can see, the list of benefits is long… and not exhaustive!
ISO 27001 Certification: NBS System figures
certified data centres
Online hosting in a sensitive data environment
Implementing all best practices, training users, writing documents, and conducting internal and external audits are strategic investments for a company. They require availability and perseverance, both to begin the certification process and to keep the certification once it is obtained.
NBS System has carried out these procedures for the scope of hosting, outsourcing, and support services.
By providing our customers with Secure Infrastructures for Hosting Sensitive Data, we are committed to several processes.
- Deliveries and tests in pre-production
- Vulnerability audits and application corrections
- Tracing administration and configuration actions
- Describing the company’s security policy
- Acceptance testing & inspecting restorations from backup
- Detailed knowledge of contributors, description of roles (RACI)
- A continuous improvement approach, tracking committees
Online hosting: The benefits of ISO 27001 certification
Building an ISMS is at the core of the ISO 27001 standard. It is based on a set of best practices that must be put in place to ensure the confidentiality, integrity, and availability of your data. This can be seen in the following five major benefits:
- Traceability and documentation of resources and flows
- Standardisation of methodologies for all users and providers
- Teams’ increased awareness of IT security, an assessment of the benefits of starting a certification process
- Risk plan, reversibility plan, data sustainability
- Customer/partner communication and transparency on the sensitive data environment
The scope of ISO 27001 certification
NBS System is a member of OT Group, which is also composed of Oceanet Technology and Net4All. Oceanet Technology was the first entity to embark on the certification process in 2016. Subsequently, it extended the benefits to other entities by expanding its scope to that of NBS System and Net4All and pooling the surveillance audit that took place in May 2017.
Oceanet Technology’s ISMS (which fully includes the other two units of the group) covers providing clients with a secure infrastructure for hosting sensitive data.
NBS System was thus able to certify its two data centres (DC ILIAD DC2, DC3 – Vitry-sur-Seine, and DC EQUINIX PA3 – Saint-Denis) and all its management, backup and data processing protocols that pass through our production and customer support centres.
Since June 2017, we have been able to support our customers in their ISO 27001 procedures regarding hosting and outsourcing issues, whether on our private cloud and/or on the AWS (Amazon Web Services) public cloud, with whom we have built a strong partnership.