News

ISO 27001:2013. Information Security

03-20-2015
ISO 27001:2013. Information Security

The Company has successfully completed the upgrade to the new version of ISO 27001: 2013, the gold standard for the Management of Information Security.

This certification has become a real improvement tool for ICT companies, especially those offering cloud services. The new version of 2013, adapts to the changing environment of companies in the IT industry, increasingly giving importance to information security, risk and its realization in all types of organizations and in all regions.

The most significant changes in this new version of the highest rating on Information Security, not only appear in the content but also in the structure of the standard. We detail some of the highlights:

· The risk analysis process is now more simple and real, simplifying the process where risks and opportunities are identified.

· The concept of leadership is introduced. It becomes necessary that someone in the organization lead the security management: the CISO.

· ITIL methodology .The new standard introduces concepts of operation, Support, Configuration, etc., in line with the methodology of process management best suited to the enterprise IT, gradually abandoning the famous PDCA spirit.

· Communication about security is now a requirement. Under the new section 'Communication Support ', security appears as a mandatory to carry on stakeholders milestone security system.

· Less controls, and more domain control. Supplier management becomes one of the main objectives for providing security.

· The definition of objectives are now based on politics, with noticeable improvements in indicators management.

· 'Project' as a keyword, replacing the old concept of 'management system', which translates into changes in how resources, people, tasks, calendars, etc. should be managed.

The company congratulates all the team and in particular those who have worked, are working and will keep on working to keep up to date something as increasingly important for the company, as is the Information Security.