For Appknox, the privacy and security of user and business data have always been the topmost concern. And we have always tried to improve our risk management structure and constantly become better at what we do.
Continuing on our glorious journey, we are more than delighted to announce that Appknox is now Information Security Management System (ISO/IEC 27001:2013) certified. This reputed certification adds further trust and value to an organization that already puts security first.
What is the Information Security Management System (ISMS)?
An Information Security Management System, the subject of ISO 27001:2013 certification, is a comprehensive approach to securing the confidentiality, integrity, and availability (CIA) of user and business information. The major goal of an ISMS is to provide a guiding framework for how an organization should manage its sensitive information. Correspondingly, it consists of policies, controls, and procedures involving processes, people, and technology.
Purpose of ISMS
The Information Security Management System serves numerous security-oriented functions. Some of them include:
● Identifies and analyzes information security risks
● Establishes the entire security framework including roles and responsibilities
● Acts as a reference to the key policies and procedures and how those relate to critical working areas
● Assists in establishing and reviewing security-related company objectives
● Helps communicate established objectives to the employees and enables a culture of continuous improvement
Elements of Information Security Management System
Before diving even deeper into the certification’s details, let’s try to find out what the key elements of the security management system are. Some of the key elements of the ISO 27001 ISMS include:
Introduction: This key section highlights information security in detail and why and how an organization should focus on it.
Organizational Context: This explains who the stakeholders should be in the development and maintenance of the ISMS.
Policy: This section describes the policy framework being followed for ISMS implementation.
Leadership: This explains how the leadership within the organization will commit to ISMS procedures and policies.
Planning: This covers how security risk management will be planned across the organization.
Implementation and Operations: This key element describes how the security management system will be implemented and how daily operations will be managed.
Internal Audit and Performance Measurement: This section provides guidelines on monitoring and measuring the performance of the ISMS.
Improvement: This describes how the security management system can be continually improved and updated based on the audit results.
What is ISO/IEC 27001:2013?
The ISO/IEC 27001:2013 standard sets forward the requirements for the implementation, maintenance, and continuous improvement of an InfoSec management system inside an organization. It also includes guidance on how information security risks should be assessed and treated based on the needs of a business. The security requirements established in ISO/IEC 27001:2013 are pretty generic and are applicable to organizations of all types and sizes.
List of Control Sets:
The security controls that an organization must implement, depending on the outcome of its risk assessment and treatment, are listed in ISO 27001 Annex A. The control sets are as follows:
A.5 Information security policies
A.6 Organization of information security
A.7 Human resource security
A.8 Asset management
A.9 Access control
A.11 Physical and environmental security
A.12 Operations security
A.13 Communications security
A.14 System acquisition, development, and maintenance
A.15 Supplier relationships
A.16 Information security incident management
A.17 Information security aspects of business continuity management
Appknox’s Approach Towards ISMS
We believe in aligning our business goals with the core ISMS objectives and in driving our business performance strategically along the lines of the standards defined by the Information Security Management System. By defining key control and performance metrics and measuring our performance against them on a regular basis, we believe that we will continuously improve our implementation of the ISMS.
We have outlined a detailed implementation plan for the ISMS, ranging from the identification of key quality and InfoSec objectives to continual improvement plans and thorough management reviews. We believe that a well-thought-out implementation plan supplemented with smooth execution can bring the best possible results.
Roles and Responsibilities
At Appknox, we will make sure that each and every member of the organization takes responsibility for ensuring that the required processes and compliance requirements within their area of operations are being met. All process owners own and maintain the process documentation and regularly communicate developments to top management so that their impact can be determined. Management is responsible for making sure that the processes related to the ISMS are properly established, implemented, and maintained.
Review and Upgrading
After the issuance of the certification, it is important for us to maintain the best possible security standards in order to prove our continued excellence at the upcoming surveillance audits and to continue on our subsequent certification journey. For this, we will be reviewing our security standards every 6 months and finding new and innovative ways to come up with improved security controls for our customers.
Why Is ISO 27001 Information Security Certification Such a Big Deal?
ISO 27001 is considered the global gold standard when it comes to information security. Across the globe, only a few thousand companies like Pfizer and Xerox have obtained this certification and we feel immensely proud to be a part of this league.
Whenever a task related to cybersecurity is outsourced, it must be done with trusted suppliers. As a trusted security supplier, we have always been strict with our data handling procedures, and that is why our clients trust us with sensitive information ranging from bank details to social security details.
With ISO 27001 certification, we now feel even more responsible for ensuring that the data assets of our customers are properly safeguarded and that all the required precautions are taken to maintain the best possible security standards. With regular internal assessments and audits, we will also make sure that we keep moving forward on a path of continuous improvement.