IBM NS1 Connect


IBM NS1 Connect Is Now ISO 27001 Certified!

By Richard Hatheway posted Tue November 14, 2023 10:15 AM

  

IBM NS1 Connect, IBM's portfolio of premium DNS and advanced traffic steering solutions that improve overall network reliability and user experience, recently achieved a significant milestone. On August 8, 2023, the NS1 Information Security Management System was certified by Certification Europe and awarded the ISO 27001 certification.

Why is ISO 27001 certification important?

As cyber-crime continues to rise, with new threats emerging on a regular basis, it's difficult for businesses to manage the associated risks. The ISO 27001 standard helps organizations become aware of those risks and proactively identify and address weaknesses, specifically as they relate to information management.

In addition, ISO 27001 certification is recognized by customers, so it is often used as a precondition to doing business. That's because in today's digital-first world, many customers will only deal with companies that have proven their security processes are robust and will protect their data. ISO 27001 certification provides that level of assurance, so it is key to both attracting new customers and retaining existing ones.

The focus of ISO 27001 is the establishment of an Information Security Management System (ISMS), which has the following functions:

  • Establish and operate a Risk Management System
  • Define security objectives and goals
  • Continuously monitor and improve security operations

Coupled with the SOC2 certification that IBM NS1 already possesses, the ISO 27001 certification demonstrates our strong commitment to the security of our global business partners. It also helps increase customer trust and confidence, as they know we take information security seriously.

About ISO 27001

The ISO 27001 certification is the internationally recognized global standard for managing risks related to the security of information that an organization holds. The standard ensures that customer and employee information is stored securely and complies with legal requirements such as GDPR. It also ensures the business has adopted a process-based approach for establishing, implementing, operating, monitoring, maintaining, and improving the Information Security Management System (ISMS). Certification to ISO 27001 helps businesses comply with numerous regulatory and legal requirements that relate to the security of information.

Per the International Standards Organization (ISO), the ISO 27001 standard is the world's best-known standard for information security management systems (ISMS) and formally specifies how the ISMS brings information security under explicit management control.

The standard defines the requirements an ISMS must meet and provides guidance on how to establish, implement, maintain and continually improve an information security management system. It also prescribes a set of best practices that include documentation requirements, divisions of responsibility, availability, access control, security, auditing, and corrective and preventive measures.

The ISO 27001 standard promotes a holistic approach to information security by defining security policy and practices. It also includes requirements for the assessment and treatment of information security risks tailored to the needs of the organization. An information security management system that is implemented according to this standard then becomes a tool for risk management, cyber-resilience and operational excellence.

Receiving the ISO 27001 certification means that a business has a management system in place to manage risks related to the security of data owned or handled by the company, and that this system respects all the best practices and principles enshrined in this International Standard.

ISO Certification Process

Information security and management is a key part of the NS1 managed DNS service offerings, so complying with the ISO 27001 standard was closely aligned with our existing security program and practices.

The certification process began in March with a Stage 1 audit of 114 different security controls across fourteen different areas. Those areas were:

  1. Security Policy
  2. Organization of Information Security
  3. Human Resource
  4. Asset Management
  5. Access Control
  6. Cryptography
  7. Physical & Environmental Security
  8. Operational Security
  9. Communications Security
  10. System Acquisition, Development
  11. Supplier Relationships
  12. Security Incident Management
  13. Information Security in Business Continuity
  14. Compliance with Legal Requirements

In June, the Stage 2 assessment was completed. It involved a thorough inspection of our documentation and of the evidence that our practice complies with policy.

After all the assessments were completed, it was determined that the NS1 Information Security Management System is operating fully in compliance with the ISO 27001 standards, so we were recommended and awarded the certification.

Conclusion

As you can tell, ISO certification is not something that's easily accomplished, which is why this certification is so important, both to our company and to our customers. ISO 27001 certification recognizes that our company has made the investment (in time, money, resources, processes, training) to ensure that our information security is world-class. 

