System certifications provide a seal of quality for organisations and ensure international comparability. The certification scheme defines minimum standards for specific topics and serves as an assessment basis for organisations. Independent external auditors provide the necessary objective view. Regular re-certifications not only ensure that the required standards are live in everyday business, but also that the demand for continuous improvement is met.
System certifications require management systems and thus company-wide control loops consisting of planning, implementation and review as well as intrinsic improvement and handling of deviations.
While this basic commonality exists, there are a wide variety of certifications depending on the subject area. The most widely used certification scheme is ISO 9001 for the establishment and operation of comprehensive quality management. From Austria and the United Kingdom to Zimbabwe and Micronesia, 888,521 companies worldwide are certified to ISO 9001.
ISO/IEC 27001 is a system certification for information security management systems. About 36,400 companies worldwide, including just over 80 Austrian companies, are certified to ISO/IEC 27001 (as of early 2020).
In an increasingly digital world, the security of our systems must be given high priority. The subject area is enormously extensive in both breadth and depth, so a documented, structured approach is recommended. Certification therefore lends itself not only to internal organisational development, but also to external transparency.
ISO/IEC 27001 for Information Security
ISO/IEC 27001 certification of an information security management system gives customers the assurance that they can rely on defined cornerstones: the company meets the requirements set out in the standard.
Microtronics is certified to ISO/IEC 27001. This commitment to implementing and maintaining an information security management system means that Microtronics:
- is aware of the problem area of information security, of its vastness, and of its influence on the entire organisation in the dimensions of confidentiality, integrity and availability.
- continuously addresses the associated risks, starting from the top management.
- plans measures to mitigate the identified risks that are to be reduced.
- implements planned measures and reviews implementation and effectiveness.
- remedies deviations and strives for continuous improvement.
ISO/IEC 27001 certification
What is ISO/IEC 27001?
The ISO/IEC 27000 series of standards is an internationally standardised management system for information security. ISO/IEC 27001 specifies the requirements for this management system. Companies can be certified regarding the fulfilment of these requirements. This represents a defined quality bar and ensures international comparability.
Certification according to ISO/IEC 27001 is a system certification. It always refers to the organisation itself. Therefore, no statement is made about the quality and security of an individual product or service.
ISO/IEC 27001 follows a strongly risk-based approach. This ensures a certain scalability depending on the size of the company.
For whom is ISO/IEC 27001 relevant?
ISO/IEC 27001 certification is ultimately beneficial for all customers. It is a commitment to systematically channel and address all confidentiality, integrity and availability concerns. It is relevant not just for business-critical applications.
A valid ISO/IEC 27001 certification can be found more and more often in the requirements catalogue of various tenders. The General Data Protection Regulation, as well as industry-specific regulations around critical infrastructure, have also contributed to this. In particular, the coordinated maintenance of system availability plays a major role.
ISO/IEC 27001 is valuable in the digitisation of business processes, because external experts are often brought in for consulting and implementation. ISO/IEC 27001 is useful whenever expertise, know-how and business-critical information must be exchanged in order to discuss problems. It is also a sign that the information entrusted during cooperation is handled with care – regardless of whether it involves concepts or physical prototypes.
How will information security evolve in the IoT space?
When Microtronics started developing IoT solutions 15 years ago, it was considered a first mover and digitisation was still in its infancy. After years of strong growth into the mainstream, the Internet of Things has already gone through several phases of the hype cycle and is now entering the “Slope of Enlightenment”. You could also say that the Internet of Things is coming of age. This is reflected in a strong differentiation of IoT solutions and in stronger regulation.
The broad spectrum of applications means a lot of problem-solving potential. The Internet of Things has already found its way into almost all areas – whether private or professional. The latest cybersecurity bad news now has a fixed place in general-interest media as well as in specialist sources.
IoT is in a quandary. Devices that are as cheap as possible are expected to be developed in a short time and launched on the global market. The business is fast-moving. Whereas the telephone, introduced in 1878, took 75 years to reach 100 million users, the app Candy Crush Saga managed this after just 15 months. New solutions appear on the market, but many of them disappear again shortly afterwards. Long-term, quality-oriented relationships are what it takes to withstand market pressure.
New regulatory approaches, such as the European Cyber Security Act, are expected to change the market in the long term and place increased emphasis on security as an aspect of quality. For providers of cross-industry, vertical solutions, such as Microtronics, this is both a challenge and a great opportunity. Certification according to ISO/IEC 27001 is a targeted step towards security maturity.