ISO 27001 Certification – what does it actually mean?
I constantly hear of people demanding that their suppliers must have ISO 27001 certification; but what does it actually mean?
ISO 27001 (and specifically the 2005 revision, designated ISO/IEC 27001:2005) is a standard that defines 20 mandatory clauses and 133 optional controls for the implementation and measurement of an effective Information Security Management System (ISMS for short). In brief, the aim is to ensure the continual protection and improvement of three key properties of information: Confidentiality, Integrity and Availability, often referred to as “CIA”.
The wording of our scope is an “Information Security Management System for the provision of managed hosting, cloud computing and colocation services”. Importantly, this includes all of our datacentres and offices, as well as our departments and employees, all of which will now continue to be externally audited by BSI (the British Standards Institution) twice a year to ensure that we are always maintaining the highest level of compliance with ISO 27001.
One of the key aspects of ISO 27001 is to check that the appropriate management support and systems are in place, that a continual improvement programme is in use, and that risks, vulnerabilities and threats are visible throughout the business. It is important to remember that Information Security is not a “fix and forget” system; it is a living, breathing, integral part of the DediPower approach to all of our solutions and the way we work.
Over the last two years, DediPower has performed a comprehensive overhaul of its ISMS, ensuring it is in line with best practice and could be audited to the highest standard by BSI, which holds full UKAS (United Kingdom Accreditation Service) accreditation.
I am therefore pleased to announce that DediPower Managed Hosting is ISO 27001 certified, and that we have chosen to be extremely rigorous in our selection and scoping, implementing all 20 mandatory clauses and 129 of the 133 optional controls (there are 4 controls which aren’t relevant to DediPower).
Should you have any questions, please feel free to contact me directly or through your account manager, and look out for more blogs on our certification and ISMS.