Why Did Intergy Become ISO 27001 Certified?
What is ISO 27001?
Information security incidents have the potential to cause considerable financial and reputational damage to businesses of all shapes and sizes. The ISO 27000 series standards aim to help companies manage the risk of cyberattacks and internal data security threats, ensuring personal data, company data and intellectual property are protected at all times. ISO/IEC 27001 is the world’s best-known standard for information security. It sets out the specifications for an effective Information Security Management System (ISMS) with a view to managing different security controls, regulating the flow of information and achieving central governance. The standard’s best-practice approach helps organisations manage their information security by addressing people, processes, and technology.
The certification ultimately recognises businesses for demonstrating a high degree of dedication towards making information security a cornerstone of their internal and external processes. It is proof that businesses not only meet regulatory requirements but are dedicated to continued compliance. The road to achieving accreditation is a lengthy but rewarding one, with several considerations across every facet of a business’s operations. To adhere to the standard, businesses need to systematically examine information security risks, mitigate those risks with a range of information security controls and adopt a management process for those controls. Our process for applying and earning ISO 27001 was highly detailed, and we’ve summarised the main aspects of it below.
The Certification Process
Information Security Policies
- Management direction for information security
Organisation of Information Security
- Internal organisation
- Mobile devices and teleworking
Human Resource Security
- Prior to employment screening
- During-employment policies
- Change of employment/termination policies
Asset Management
- Responsibility for assets
- Information classification
- Media handling
Access Control
- Business requirements of access control
- User access management
- User responsibilities
- System and application access control
Cryptography, Physical & Environmental Controls
- Cryptographic controls
- Secure areas
- Equipment
Operations Security
- Operational procedures and responsibilities
- Protection from malware
- Backup
- Logging and monitoring
- Control of operational software
- Technical vulnerability management
Communications Security
- Information systems audit considerations
- Network security management
- Information transfer
System Acquisition, Development, and Maintenance
- Security requirements of information systems
- Security in development and support processes
- Test data
Supplier Relationships
- Information security in supplier relationships
- Supplier service delivery management
Information Security Incident Management
- Management of information security incidents and improvements
Continuity Management & Compliance
- Information security continuity & Reviews
- Redundancies
- Compliance with legal and contractual requirements
Our Risk Management Process
- Creating 14 dedicated policies and 16 procedures within the Software Development Life Cycle.
- Implementing policies and procedures using the Microsoft Security suite: M365, Intune, Defender, Purview, Azure and Sentinel.
- Ensuring that all machines have protections in place to prevent data loss and theft.
- Maintaining a centrally-managed cloud-based security measure to encompass our entire fleet of assets.
- Utilising Microsoft 365 hardening processes.
- Providing hardware and software backups and protection.
What this means for your business
Should you choose Intergy for your next project or to audit your existing software, you can rest assured that your information is securely handled and managed at the highest level of discretion within international standards. We are committed to adhering to the ISO standards of information security, and your project, clients, software, and systems are safely managed with us. The ISO 27001 security standard enables us to manage security assets, such as financial information, intellectual property, employee data, and third-party information, at the highest level of professional data security and confidentiality.
We can assure our clients that regardless of whether their systems are Microsoft or open-source-based, we will adhere to the aforementioned controls and will assess every project with the highest degree of quality assurance and security. Our ongoing commitment to risk management and our continuous improvement registers serve to both protect our brand and best service our customers.
How Will Dealing With an ISO Certified Developer Benefit You?
- Integrity, confidentiality, and managed availability of data.
- Cloud and digitally stored data is securely handled and stored.
- Increased protection and resistance to potential cyberattacks.
- A centrally-managed framework that acts as a single source of truth.
- Time-sensitive responses to evolving security threats.
Acknowledgements
We would like to thank our knowledgeable and experienced ISO security consultants CSO Group, our talented technical support team Vertex Cyber Security, and our meticulous auditors SAI Global for helping us achieve this important milestone.
We are also very proud of the entire Intergy team for positively embracing all the required changes, and in particular Guru, our Sydney ISMS Manager, and Prakash, our Head of Technology, for driving and implementing the changes.
Intergy: Well-Equipped to Keep Your Sensitive Data Safe
At Intergy, our primary concern is the security and quality of the services we provide. Now that we’re ISO-certified developers, we intend to maintain the level of integrity that got us here and to confidently take on highly sensitive system builds.
If you have an upcoming project in mind and need the additional assurance of suppliers who are ISO-certified, please call or leave a message below. We would love to hear from you.