
Posted on Mar 5, 2012 in Easy Projects | 3 comments

Our Datacenter gets ISO 27001 security certification

We’re delighted to announce that our data center has successfully completed its ISO/IEC 27001:2005 security certification.

ISO 27001 is an Information Security Management System (ISMS) standard, published by ISO and IEC in 2005, for managing information security.

ISO/IEC 27001:2005 specifies the requirements for establishing, implementing, operating, monitoring, reviewing, maintaining and improving a documented Information Security Management System (ISMS). It specifies requirements for the management of the implementation of security controls.

It’s an international security standard not limited to just North America.

How does it compare to SAS 70?

SAS 70 is a statement on auditing standards issued by the AICPA (American Institute of Certified Public Accountants) in 1993, under which an independent auditor evaluates a service provider's controls and produces a report based on that evaluation.

Judith Sherinsky, a technical manager on the audit and test standards team at the AICPA, writes about SAS 70:

“It isn’t a measure of security, it’s a measure of financial controls.”

A SAS 70 audit does not rate a company’s security controls against a particular set of defined best practices, and because SAS 70 was meant to look at financial controls, a SAS 70 audit report may contain many items that are not at all related to information security.

The fact that a company has conducted a SAS 70 audit does not necessarily mean any of its systems are secure.

Key difference: ISO/IEC 27001:2005 guarantees that a provider has been audited against established security guidelines and requirements, unlike SAS 70, which leaves it up to the provider to choose suitable things to audit on.


  • http://www.iso27001-certification.com/ ISO 27001 Manual

    ISO 27001:2005 (the current version of ISO 27001) provides a set of standardized requirements for an information security management system (ISMS). The standard adopts a process approach for establishing, implementing, operating, monitoring, reviewing, maintaining, and improving your ISMS.

  • max India

    Being awarded the ISO 27001 certification confirms that our organisation has
    professionally and efficiently implemented all the processes relating to data security.

  • http://www.dascert.com.my/ DAS Certification Malaysia

    Congratulations! Thank you for sharing the information.