Last week was an exciting week for the Axenic team with some big news. We are extremely proud that we achieved ISO/IEC 27001:2013 certification, and we don’t underestimate what a huge accomplishment this is for our business and, importantly, for our customers. Information security is at the core of what we do at Axenic, and we wanted to practice what we preach. If you are interested in obtaining ISO/IEC 27001:2013 certification for your organisation, read on to find out why we went through this process and what it means for our clients.
First though: what is ISO certification?
ISO/IEC 27001:2013 (as it is more formally referred to) is an international standard that specifies the requirements for managing information security. ISO/IEC 27001:2013 certification is a written assurance from an independent third-party body that an organisation’s Information Security Management System (ISMS) meets the requirements of the standard. As always, we strive to be accurate in our representation and usage of terms, hence the use of the full name here. It is important to note that, in accordance with the advice of the International Standard Organisation (ISO), the terms “ISO Certified” and “ISO Certification” are not strictly accurate. However, amongst businesses, it is commonly referred to simply as “ISO 27001 Certification” or “ISO 27001 Certified”. In the interest of keeping things simple, we will use these terms going forward.
Why did we go for ISO 27001 certification?
Certification against ISO requirements can be quite an undertaking. We wanted to actively manage the security of our own information as well as the information entrusted to us by our customers, which is why meeting the requirements of ISO 27001 was so important for improving our organisation’s security and our business processes. Some of our key motivations follow:
- As security is Axenic’s core business, it is natural that we practice what we preach. We want to actively manage the security of our information as well as the information entrusted to us by our customers.
- It is a widely recognised standard that provides a framework for good information security management practices – why reinvent the wheel?
- Competitive advantage – being certified provides us with a competitive edge. Our aim is that our clients see this as “they know what they are talking about, not only because they are qualified and have a track record with clients, but also because they have been through the certification process themselves.”
- Provide assurance to clients and other stakeholders – while certification does not say that an organisation is secure, it does say that the organisation is actively managing its security risks.
Our journey to certification
As the standard adopts a risk-based approach to information security, our journey started by conducting a risk assessment and identifying risk treatments. A risk management framework had to be in place before that could happen. Monitoring and measurement are also key to improvement, and the standard sets out a number of requirements for them: identifying performance measures that are linked to the objectives, measuring them regularly, and holding management reviews are cornerstones of continual improvement. Having a certified ISO 27001 Lead Auditor on the team was handy! Having a capable external party conduct the internal audit on your organisation’s behalf should also satisfy the standard’s internal audit requirement. We learned a number of valuable lessons throughout our journey. Even as professionals who help other organisations achieve certification, our own experience was not exactly a breeze. Keep an eye out over the coming weeks as we share more insights into our journey to certification.
What’s in it for your organisation?
As an Axenic client, you are now able to gain assurance that the security of your information under Axenic’s custodianship is actively managed in accordance with the requirements of a widely accepted framework. We believe that building an Information Security Management System (ISMS) that meets the requirements of ISO 27001 can help improve your organisation’s security and business processes.
If you are a client of Axenic seeking ISO 27001 certification, you can have extra confidence that at Axenic we practice what we preach, not only by helping others get through the journey but by walking the path ourselves.
Finally, if you are thinking of working with Axenic, you can be assured that, having been through the ISO 27001 certification process ourselves, we bring practical, hands-on experience of building and operating an ISMS.
If your organisation is seeking ISO 27001 certification, you can have confidence that Axenic can help you navigate the journey effectively and efficiently. If you are considering starting your journey towards certification, contact our team today!