
[DROPS] SAFEWAY ISO27001 #2

July 26, 2018

ISO 27001 Requirement for Suppliers: What You Need to Know

 

The 1st Security DROPS is about a subject for which we have received a lot of demand.

We have seen that it is not only large companies that are seeking ISO 27001 certification: many vendors are also working to achieve this certification and improve the security of the solutions they offer to customers.

Watch the video and read the summary below:

What is ISO 27001?

ISO 27001 is the standard for an information security management system (ISMS), defined by the International Organization for Standardization (ISO). The complete program documentation states that ISO 27001 is designed to “provide a template for establishing, adopting, operating, monitoring and maintaining an information management system.” ISO 27001 is a framework of good practices and processes that lets companies identify potential risks and then establish a set of controls to protect against those risks and keep their data secure. In short, this certification is the standard that specifies the compliance of providers with the best security controls and best security management practices.

Why is it important for your cloud provider to be ISO 27001 certified?

This certification ensures the security of confidential information from a technical and organizational perspective, and gives customers and stakeholders confidence in risk management. Cloud vendors with this certification periodically assess information security risks, including threats and vulnerabilities, and implement information security controls and risk management to address enterprise and architectural risks. In addition, this certification ensures that your vendor has adopted a process to ensure that all information security controls are performed.

By working with an ISO 27001 certified vendor, you can be more confident that your organization's data is protected. Using an ISO 27001 certified vendor can help your organization in the following ways, among others:

  • Helps ensure secure information exchange
  • Helps the organization fulfill its legal obligations
  • Helps the organization maintain compliance with other regulations
  • Helps provide competitive advantage for your organization
  • Helps in risk management and minimizing risk exposure
  • Helps protect the company, its assets, shareholders, directors and stakeholders

If your business is in a highly regulated industry, such as pharmaceuticals or financial services, ISO 27001 certification is particularly important as it specifies the controls necessary to meet the regulatory requirements of your industry.

How does ISO 27001 certification ensure that your data is protected and what does it cover?

ISO 27001 documentation requires the organization to properly provide four services: asset valuation and identification, risk assessment and acceptance criteria, management and acceptance of these items, and continuous improvement of the organization's overall security program. The ISO 27001 six-part planning process ensures that certified suppliers meet all security requirements, from defining a security policy to conducting risk assessment, selecting control objectives and implementing controls. The detailed specification provides the organization with the most effective plan for preventive action, as it also requires cooperation between all sectors of the organization.

Are all ISO 27001 certifications the same?

According to system documentation, “ISO 27001 is the only certifiable security management standard.” Customers should specifically seek ISO 27001 certification, as other programs do not necessarily provide assurances as to the information security standards or processes of an organization. ISO 27001 provides guidance on controls, including risk assessment, asset management and control, business continuity management and compliance. Depending on its risks, an organization should apply the corresponding controls. Not all ISO 27001 certifications are the same. We recommend that you determine whether your vendor has included all applicable controls and has a well-documented information security management system in place in terms of its technology and organization, including the following sectors: Product Engineering, Operations, Systems and Information Technology, Human Resources, Facilities, Finance and Administration, Legal, Security Quality Compliance and Global Support Services.

ISO 27001 certification provides invaluable security for your organization through detailed asset valuation and risk management, making it a perfect criterion for evaluation when choosing a vendor to entrust with your organization's most valuable assets, that is, your information.

 

About [SAFEWAY]

[SAFEWAY] is a company widely recognized as a provider of premium information security and cybersecurity solutions. From its extensive portfolio, we highlight several solutions, including those based on the following platforms:

● Archer by RSA Security, considered by the Gartner and Forrester institutes, and by the market itself, the most complete process integration solution for Governance, Risk Management, Compliance and Business Continuity Management;

● [SAFEWAY] Security Tower, supported by IBM QRadar (Watson technology), tailored to each organization's security and cyber defense management needs;

● And others, involving technologies such as Imperva, Thales, BeyondTrust, Manly and WatchGuard Technologies.

More information: [email protected]
