Aislelabs is the only location analytics and marketing company that is ISO 27001:2013 certified in information security. This is vindication for our unceasing toil at being industry leaders in providing value for our customers and rewarding their trust. Commitment to information security is a key tenet that any business must look for in vendors and the following blog post describes in detail why it should inform your choice in vendors.
ISO 27001 – A Better Way
ISO 27001 is an internationally recognized standard for information security management that helps organizations identify and implement processes for the protection of their data. Working in a globalized economy that is highly dependent on information technology, it’s crucial to have standardized protocols that govern all participating companies.
The ISO defines it as:
“The information security management system preserves the confidentiality, integrity, and availability of information by applying a risk management process and gives confidence to interested parties that risks are adequately managed”
ISO 27001 is essentially a standard for Information Security Management. It describes the process by which an organization identifies and manages its security-related risks and vulnerabilities, implements policies for these risks, determines the appropriate measures to address them effectively, and continuously improves its information security management processes. It does this while integrating into its overall management system or operational budget a cost-benefit analysis that reflects its performance rating over time.
Aislelabs is the only location analytics and marketing platform to be fully ISO 27001 certified. Other companies in the industry have data centers that are ISO 27001 certified and stake a similar claim. The recommendation for ISO 27001 came from SAI Global Assurance, which reviewed Aislelabs’ IT security program, confirming it met the standard’s requirements for establishing, implementing, and maintaining an information security management system (ISMS).
An ISO 27001 certification is a firm stamp of approval that the company is in control of the processes used to manage your security, that continuity is maintained, and that these best practices conform with the industry’s practices or sector-specific regulations.
The importance of the information security management system is that it provides an oversight framework that meets the requirements of ISO/IEC 27001:2013 and internationally recognized standards. It ensures that the organization’s information security objectives are clearly defined, documented, implemented effectively, and monitored. To do this effectively, it is important to base security around policies and procedures rather than on a “reactive” approach. ISO 27001 is a certification of standardisation, aimed at ensuring that companies do not have a disjointed, piecemeal approach to information security.
The Aislelabs Advantage
A significant measure of the success of information security is based on assessing the risk posed by threats and vulnerabilities and mitigating it through proper software engineering, infrastructure management, policy implementation, education on how to avoid threats, penetration testing, and security assessments. Aislelabs provides the highest rated information security for our clients, ensuring that the three core tenets of ISO 27001 are paramount:
- Confidentiality: The confidentiality of the data collected by the company or organization is always protected.
- Integrity: The data collected will not be modified or distorted to misrepresent the information contained within.
- Availability: The company or organization has taken steps to minimize or eliminate downtime, or has contingencies to deal with it.
Aislelabs was scrutinized across 14 groups, 114 controls, and 35 control categories of business practices with not a single non-conformity found. The control groups below were judged by SAI Global and are an overview of the measures Aislelabs has taken:
- Information security policies: Management-approved policies for information security that are communicated to all stakeholders and are consistently reviewed as the company scales.
- Organization of information security: Ensuring that all stakeholders in the organization are aware of their duties in maintaining information security, with roles and responsibilities assigned and all devices adhering to them.
- Human resources security: Ensuring that the organization’s information security is not compromised by employees prior to, during, and after employment through appropriate screening measures and controls.
- Asset management: Controls for assets that must be accounted for with guidance on responsibility, information classification, and handling of media.
- Access control: Guidance and controls on ensuring that there is no unauthorized access to sensitive information and applications.
- Cryptography: Ensuring that cryptographic protocols for the protection of information are developed and implemented through the whole lifecycle.
- Physical and environmental security: Ensuring that there is no unauthorised physical access, damage, or interference to the organization’s information, information processing facilities, and equipment.
- Operations security: Maintaining a high level of procedural safeguards on the information and information processing centers.
- Communication security: Maintaining and ensuring a high level of security of information in the network.
- System acquisition, development, and maintenance: Systemizing information security as a central process in the organization’s life cycle.
- Supplier relationships: Ensuring all third parties maintain comparable levels of information security.
- Information security incident management: Ensuring processes are in place for managing and reporting security incidents. Part of this process involves identifying which employees should take responsibility for certain actions, thus ensuring a consistent and effective approach to the lifecycle of incidents and responses.
- Information security of business continuity management: Creating an effective system to manage business disruptions and ensure redundancies and business continuity.
- Compliance: Ensuring that the organisation identifies and complies with relevant legislation and laws in all the markets that it operates in.
ISO 27001 is the best security management system available and is an internationally recognized standard that ensures an organization has the right security controls in place. It can reduce business risks by better managing information, physical and people control, and it can improve the operational performance of all processes by creating a better environment for sharing knowledge and information. A partnership with Aislelabs ensures that any business processes that we undertake are carried out with the highest levels of information security, codified into the three pillars of people, processes, and technology.