Achieving the ISO 27001 certification is the result of a vast amount of effort and involvement from every member of NEWORDER. We are constantly challenging ourselves to improve our service offering and to provide Information Security Professional Services that exceed the needs and expectations of our customers. But what is ISO 27001, and why does it matter to you, our client?
What is ISO? A brief history
ISO is an independent, non-governmental international organisation with a membership of 167 national standards bodies. ISO was founded in 1946 by delegates from 25 countries, who met to discuss international standardisation. In the early days, there were 67 technical committees made up of technical experts, each with a focus on a specific subject. The first secretariat, in Geneva, only had five full-time employees! By the mid-1950s, there were 68 standards in place, called recommendations in those days.
Fast forward to 2022, and there are over 24,261 standards covering everything from health and safety to energy management to food safety to information security.
The need for ISO 27001
ISO 27001 was introduced in 2005 by ISO and the International Electrotechnical Commission’s (IEC’s) joint technical committee, JTC1. ISO and IEC recognised the increasing reliance on information technology and the need to secure systems and minimise risk. ISO/IEC 27001 was designed as a management system standard for information security. The original standard, ISO 27001:2005, became one of ISO’s most popular standards. The standard is regularly updated, and the current version, ISO 27001:2022, was amended as recently as October.
Certification
ISO develops the standards but does not perform certification. That work is carried out by external certification bodies. Certification is, according to the ISO website, “the provision by an independent body of written assurance (a certificate) that the product, service or system in question meets specific requirements”. An accreditation body accredits certification bodies (again, not ISO). Certification demonstrates that a product or service meets the expectations of customers. For some industries, certification is a legal or contractual requirement. Where it is optional, it clearly indicates that the certified organisation is dedicated to the highest operating standards. Achieving ISO certification requires considerable commitment and effort.
Why ISO 27001?
ISO/IEC 27001 is not a standard solely for information security solutions providers like NEWORDER. The requirements are designed to be generic and applicable to all organisations. However, at NEWORDER we believe ISO 27001 certification is confirmation of our promise to provide all our clients with service based on technical excellence, experience and expertise, quality, and integrity. ISO 27001 provides the requirements for establishing, implementing, maintaining and continually improving an information security management system – and this is the service we provide to you, the client.
Benefits of engaging with an ISO-certified vendor
ISO/IEC 27001 provides information on the adequate and proportionate security controls that protect information assets. It helps organisations, and helps NEWORDER as your service provider, to:
- Formulate security requirements and objectives
- Ensure security risks are cost-effectively managed
- Ensure compliance with laws and regulations
- Provide a process framework for the implementation and management of controls to ensure specific security objectives are met
- Define new information security management processes
- Identify and clarify existing information security management processes
- Determine the status of information security management activities
- Determine the degree of compliance with the policies, directives and standards adopted by the organisation
- Provide relevant information about information security policies, directives, standards and procedures to trading partners and other stakeholders
- Implement business-enabling information security
- Provide relevant information about information security to customers
Because NEWORDER is working to these exacting standards, you have the peace of mind of knowing your ISMS is safe and secure in our hands.
Contact us
If you would like more information on our ISO 27001 certification and the full range of ISMS services we offer, contact us today for a no-obligation discussion.