ISO 27001
Caring about data security
Communications and Operations
Our processes and activities are secure and clearly identify inputs and outputs. A detailed procedure defines the work that needs to be done, by whom and under what circumstances. Authority and responsibility are assigned.
Information Systems Management
We provide confirmation that your data is being processed, and give you access to your personal data and other supplementary information.
Business Continuity
The business continuity plan recognises potential threats to the organisation and analyses what impact they may have on day-to-day operations. It provides a way to mitigate these threats by putting in place a framework which allows key functions of the business to continue even if the worst happens.
Asset Management
Maintain a single inventory of information asset groups and their ownership: hardware, software, information databases, services and other assets.
Physical and Environmental
Physical security will allow us to protect information, both material (hardware, information media) and intangible (spoken words and data shown on screens and posters), from physical threats: unauthorized access, unavailability and damage caused by human actions, and detrimental environmental and external events.
Compliance
Enable identity and authentication solutions, use appropriate access controls, implement and use industry-recommended antimalware solutions, address the need to encrypt all customer data, review penetration testing and threat modeling processes, log security events, be able to determine the root cause of incidents, train all staff in cybersecurity issues, keep service and server inventory current and up-to-date, maintain clear server configuration with security in mind.
Information
Ensure the confidentiality, integrity, authenticity and reliability of information. We will make information available to its rightful owners on demand.
Human Resources
Ensure that all employees, contractors and third-party users are aware of information security threats and concerns, and of their responsibilities and liabilities, and are equipped to support organisational security policy in the course of their normal work and to reduce the risk of human error.