Michelle Stalling, Senior Information Assurance Manager
Dan Johnson, Global Director, Compliance and Continuity
It’s already been 20 years since Ensono[1] started standardizing their processes, something they began to do even before ISO 27001 existed. This is a considerable achievement for the company. In an interview with Dan Johnson, Global Director, Compliance and Continuity, and Michelle Stalling, Senior Information Assurance Manager, we talked about why maintaining an ISO certification for so long is a significant milestone.
What’s an ISO Certification?
There are many standards organizations, but the International Organization for Standardization (ISO) and the British Standards Institution (BSI) are the most widely recognized. While standards are not legally binding, organizations use them to showcase their commitment to quality or safety.
Certification requires organizations to be audited for compliance with specific standards. For instance, ISO 27001 is an information security standard.
Why is ISO 27001 certification necessary in cybersecurity?
To be certified with ISO 27001, an organization voluntarily commits to meet the requirements for managing its security risks. The standard text describes the requirements for information security management systems (ISMS) to manage sensitive information securely. Sensitive assets may include personally identifiable information, intellectual property, or data.
Meeting the ISO 27001 standard means the company can implement protocols to protect itself against data loss, theft, or unauthorized modifications.
One of the benefits of having ISO certification is that it gives another level of security. By having an ISO auditor evaluate our processes, we can check for areas of improvement. This third-party control enables us to have a continuous improvement cycle.
How can an organization obtain this certification?
To achieve ISO 27001 certification, an organization needs to meet several protocols:
Define the scope of the information security systems.
Conduct an internal audit of information security risks to ensure data protection.
Map the potential impact of each risk.
Design a risk treatment plan based on this mapping.
Create a statement of applicability (SoA) document, in which the general management commits to the cybersecurity measures described in the risk treatment plan.
Convert the risk treatment plan into an action plan with measurable performance indicators.
Contrary to popular opinion, the ISO certification is not issued by the International Organization for Standardization. An accredited certification body audits the organization’s compliance with the ISO 27001 standard.
Ensono’s history with ISO Certification
Our certification journey is reaching two decades this year. Ensono’s support of standards certification goes back to before the ISO standard ever existed. We have been certified under the previous British Standard, BS 7799, which subsequently evolved into ISO 27001.
Ensono’s journey with the ISO 27001 started in 2019. We started small, with two data centers. After achieving our certification, our operations grew, and we added the Wipro Data Centers.
As we grew, we started our journey towards a global certification with two more sites in the UK, extending towards a worldwide certification. Today, we have about 14 locations worldwide implementing ISO standards processes from India to Europe.
What being ISO certified means for Ensono
We take being ISO certified very seriously.
“By consistently maintaining ISO certification, we give our customers the peace of mind that their information is in safe hands”
– Michelle Stalling, Senior Information Assurance Manager at Ensono
At Ensono, obtaining and maintaining the ISO standard means more than just standardizing processes.
Applying ISO enables us to dig deep into our processes for all our teams and ensure appropriate controls are in place. The ISO provides a framework to make sure all teams have all controls and all processes covered daily.
Being ISO certified allows us to keep tight security of our information and technology platforms in delivering our managed services across all our business functions and departments. For us, it means we can give our clients the security that we’ve undergone these rigorous audits and been successful.
What it means for our clients
Organizations looking to strengthen their security posture may have concerns when outsourcing their information security to a third party. The ever-increasing number of cyber-attacks and data breaches adds to these concerns. Companies look to outsource to organizations that follow good security practices. By adhering to the ISO standards, everyone in the organization practices good security hygiene, going through security training and awareness.
Strong security is a must these days because of changes in how business is done: many organizations have adopted some form of remote work. Security needs to be present everywhere: at the office, at home, on any device. Since data constantly moves from the server to the cloud to the mobile device, it needs to be monitored and protected regardless of location or device.
The security awareness that comes with the ISO framework helps our clients ensure they’re embedding security in their processes.
At Ensono, we help organizations with their ISO processes. Our clients appreciate our expertise in ISO and the support we provide along their path to ISO certification. Here’s an example of what our clients are saying:
We understand that your time is precious, especially during these crazy times that we are all facing during lock-down. Still, equally, we know that as a company, you have been where we are now, going through ISO 27001 certification, and we appreciate that you are fully aware of how long and unfamiliar the process is the first time.
With thanks, Anonymous Customer
Our ongoing mission is to be a leader in ISO security standards and practices, providing support and guidance to companies everywhere. By improving our security protocols and adherence to ISO 27001 and BSI standards, among others, we aim to increase the overall security awareness of our network of clients and associates.
[1] Factors in all the M&A, including Attenda, Wipro, etc. Attenda had the ISO Certificate and was acquired by Ensono.