12-02-2015 08:29:45

ISO 27001 is, as you may know, an international standard for information security. This standard focuses on developing, implementing, monitoring and improving an ISMS (Information Security Management System), a system meant to manage and control information security. It is important that information security is treated as an ongoing process, one that is important now and will continue to be important within our organisation.

Ever since January 1, 2011, BIT has been ISO 27001 certified. At the time, this certification was granted based on the 2005 version of ISO/IEC 27001. In the meantime, the people in the workgroup responsible for the ISO 27001 have been busy with the finishing touches of a newer version of ISO 27001.

A major advantage of ISO 27001:2013 is its compliance with the new high-level structure (HLS) of ISO. Amongst others, the new versions of ISO 14001 (Environmental Management System) and ISO 9001 (Quality Management) have also been developed according to this structure. Naturally, the entire system has been brought up to date by (further) recognising contemporary risks like identity theft and the use of mobile devices. This is simultaneously the end of diskettes in this standard.

This new version of ISO 27001 was officially published in September 2013. Not a very favourable moment for us, since we were in the middle of the recertification process. This made it impossible for us to immediately certify our systems with the new - altered - standard. An interim audit would enable us to upgrade our current certificate to the 2013 version.

In the past year we have busied ourselves with processing the changes resulting from the new 2013 version of ISO 27001. We have gone through all the points again, so we were well prepared for the upgrade.

We had our interim audit by DEKRA last September and could finally upgrade our certification. The auditor's conclusion on the interim audit was that we could continue our certification. Naturally, a number of improvement points came up as well. Of course these points will be carefully considered and implemented into our information security policy in the coming year.

The new version of our ISO/IEC 27001:2013 certificate can be found in our portal, both in Dutch and in English.