Nucleus was recently granted an ISO 27001:2013 certificate for data security. The certificate itself is not new to us, but as of today we are certified against the most recent version of the standard.
The new version focuses much more on the quality of the services delivered by suppliers. To obtain the certificate, Nucleus had to make its rules of cooperation with suppliers much stricter: Nucleus must be able to demonstrate that the necessary measures are taken in terms of data security and privacy. We obviously prefer to work with partners who also hold the ISO 27001:2013 certificate.
In addition, the new standard pays more explicit attention to project management and secure development. This ensures that all tools we develop for (internal) use are also built according to secure processes. In practice this means that we take a number of specific security rules into account during development.
Finally, we checked each section of the standard to find out which aspects we could further improve, because having obtained the previous version of the standard does not mean there is no room for improvement. Nucleus is not standing still.
With this new certification we are at the top of our industry in terms of data security. We are proud of it, though to us data security is simply the obvious thing to do: in our business it is an absolute top priority. But what does the standard imply in practice?
ISO 27001 is a standard prepared by the International Standardisation Organisation (ISO) that describes how data security must be organised in a company. The most recent version of this standard was published in 2013 and was developed by the world’s leading experts in information security. The standard supplies the methodology for implementing information security in an organisation.
Every organisation can decide for itself whether or not to implement ISO 27001, but doing so involves a considerable number of requirements and a considerable amount of work. Companies can be certified after the implementation, which means that an audit is conducted by an independent body. After the audit, this body confirms whether the organisation has implemented information security measures in line with the ISO 27001 standard and gives permission to issue the certificate. This certificate is not everlasting, though: a new audit must be performed at regular intervals.
The ISO 27001 standard is all about protecting the confidentiality, integrity and availability of the information in a company. This is done by mapping out potential risks and determining how the resulting problems can be avoided.
The measures to be taken by companies or organisations can be divided into three large categories: policy, procedures and technology (hardware and software). It is not only about IT security (firewalls, antivirus, etc.) but also about processes, legal protection, human resources, physical protection, etc. Most attention actually goes to policy and procedures, in other words, to writing the guidelines required to avoid security breaches.
What’s in it for you?
This ISO standard is simply a quality label showing that we see data security as an absolute priority and that we make every effort to protect your data (and your privacy) as well as possible. In other words: if we host your data, you have nothing to worry about.