SEG successfully completed an ISO27017:2015 – Cloud Security and ISO27018:2019 – Personal Data Protection audit with Sancert.

What’s more, they used HSEC Online®, their cloud-based engineered solution used for document management and compliance in the Health and Safety industry.

Information Security Management – It’s time

By Leon Swart, Chief Executive Officer at Sancert

According to Wikipedia, ISM (Information Security Management) “defines and manages controls that an organization needs to implement to ensure that it is sensibly protecting the confidentiality, availability, and integrity of assets from threats and vulnerabilities”. This is a big ask of any company, and to top it off you need to ensure you comply with POPI (Protection of Personal Information) in South Africa, or, if you are dealing in the EU, you have to consider GDPR (General Data Protection Regulation). Furthermore, if you are managing and storing data in a cloud system, this too needs consideration.

ISO/IEC27001:2013, soon updating to ISO/IEC27001:2022, suggests the necessary tools to allow for good risk review and to apply suitable mitigation to ensure good ISM in your operation. Developing and implementing an ISM program has become more relevant than ever, especially after having to deal with more critical data via social media platforms, SharePoint-type platforms and the contentious work from home. Out of sight, out of control? Not necessarily.

If a company applies the principles of ISO/IEC27001, good controls can be entrenched to ensure data is protected as best as possible. ISO also addresses cloud management programs under ISO/IEC27017 and ISO/IEC27018. These guides are invaluable in setting a good foundation for data management and protection.

Currently, Sancert is the leading accredited certification service provider in SA for ISO/IEC27001. We strive to assist our clients with an overall risk review of their data management systems and see where possible risk might occur so that good risk treatment can be applied.

Saryx Engineering Group, which powers HSEC Online® and is a long-standing client of ours, has embraced the ISO tools and built its IMS (Information Management System) into a well-integrated risk program that allows for review of all business risks, from quality, health and safety to data security and cloud management programs. This allows SEG to offer its clients confidence in the shared data and client IP that it has access to, to the best of SEG’s abilities.

Whilst certification might not be on the cards for your company, it would be a good test to run over an ISO/IEC27001:2015 checklist and see how you perform.