Cybersecurity is one of the most critical issues for businesses today, and Everest Discovery is excited to share that the company has achieved ISO 27001:2013 recertification after passing its Security Surveillance II Audit for the seventh consecutive year. The company first earned ISO 27001:2013 certification in 2017 and continues to strengthen its security processes every year.
Achieving ISO 27001:2013 recertification is a significant accomplishment for any organization. It demonstrates a commitment to the highest standards of information security management and that the team has taken the necessary steps to maintain and improve the company’s information security management system.
ISO 27001:2013 is an internationally recognized standard for information security management that provides a systematic approach to managing sensitive information so that it remains secure. It outlines the requirements for establishing, implementing, maintaining and continuously improving an information security management system (ISMS).
The recertification process involves a thorough audit of a company’s ISMS by an external auditor. The auditor will review all documentation, conduct interviews with staff and assess security controls to determine whether the ISMS meets the requirements of the standard.
To achieve ISO 27001:2013 recertification, an organization must demonstrate that it has:
- Maintained its ISMS: The organization must demonstrate that it has maintained the ISMS since the last certification audit. This includes ensuring that all policies and procedures are up to date and staff are trained in the latest security practices.
- Implemented corrective actions: If any nonconformances were identified during the last certification audit, corrective actions must have been taken to address them.
- Continued to improve the ISMS: The organization must demonstrate that it has continued to improve the ISMS by implementing new security controls or refining existing ones.
- Conducted internal audits: Internal audits of the ISMS need to be run to ensure that it is operating effectively and meets the requirements of the standard.
- Conducted management reviews: The senior management team must assess the policies and procedures and ensure the company is compliant.
When I first acquired Everest Discovery, I decided that getting our ISO certification was important to how we do business. We wanted to show our clients that we have an undeniable commitment to security and the best possible practices in place for handling the sensitive data we deal with each day. This includes not only the right technology but also the right training for our team. And while the certification procedure is a process that takes considerable time, it was something we knew was important and were excited to undertake.
Each year, our executive team commits the time it takes to go through the auditing process to maintain our certification and further our security commitment to our clients. We go through the proper testing to make sure all processes that are in place are still working and are being followed by our entire team. This also gives us the opportunity to refresh our team on what is expected of them and to give them any training needed to ensure we are following all the policies and procedures we have established to ensure we get recertified each and every year.
Getting an ISO certification is a commitment – both of time and technology – but it is well worth the peace of mind the results give to us and our clients.