So what is ISO27001? This is my first experience working directly with ISO27001. It is an international standard that sets out the requirements for establishing, operating and maintaining an information security management system (ISMS). An ISMS is a systematic approach to managing sensitive company information so that it remains secure: it covers people, processes and IT systems, and it is driven by a risk management process.
The standard's Annex A includes 114 controls across the following clauses:
Why does it matter? For me, ISO27001 matters because it forced us to mature our overall program. Over the past eighteen months, we’ve implemented many new controls that help us to better protect our clients’ data and help to ensure the availability of SearchLight, our digital risk protection offering. I’m not saying these new controls will prevent intrusions and outages, but our resiliency certainly has matured, and our customers have benefited. ISO27001 has become a critical component of our overall risk management strategy.
I’m proud of the Digital Shadows team for accomplishing this milestone, but as you well know, there is no finish line. We have new offices to bring into the ISO27001 fold, and we have to maintain the certification.
We recently recorded an interview discussing the certification; you can check it out below.
Source: Digital Shadows