STEP LOGIC receives a certificate of conformance of its information security management system to the security requirements of the standard GOST R ISO/IEC 27001
Confirming its fundamental resolution to ensure the security of its customers’ and partners’ information, STEP LOGIC has successfully completed certification for compliance with the standard ISO/IEC 27001 “Information Technology. Security Techniques. Information Security Management Systems. Requirements”.
STEP LOGIC consistently and systematically develops competencies in the sphere of corporate management, following the leading and well-proven global practices. This allows the company to position itself within the group of companies as the leader of IT and information security competencies.
The ISO/IEC 27001 standard is the generally recognised international standard for information security management systems (hereinafter SISM) and comprises recommendations for comprehensive and effective protection of information with regard to principal business processes, valuable information assets, and relevant threats and risks. The standard has been established and developed over more than 20 years; during that period it has proven itself as a convenient tool for managing information security risks and for raising the maturity of management systems in organisations of any size and sphere of activity. Moreover, the terms, structure and approach of ISO/IEC 27001 are closely related to other ISO standards, in particular the quality management standard ISO 9001, conformance to which STEP LOGIC has also confirmed annually for many years. Therefore, the joint implementation of these standards is the most effective choice.
The positive result can be seen even now: the company’s business goals and information security goals have been aligned, information security risk management processes have been formalised, organisational documents for information protection have been systematised, priorities have been established and activities planned for support and maintenance of the SISM, and the effectiveness of the applied software and hardware protection tools has been improved. SISM processes are thoroughly integrated into the quality management and business risk management system existing in STEP LOGIC, which allows operational control and analysis of changes in the company from the perspective of information security.
The key factors in the successful implementation of the ISO/IEC 27001 standard in STEP LOGIC were the interest of the management, the high qualifications of the project participants, and the involvement of SISM implementation experts in the project. The tightly-knit team and the company’s existing quality management system ensure a solid foundation for further improvement of the offered services and of the effectiveness of IT costs.