On April 20th Krescendo achieved ISO27001:2013 annual re-certification, accredited by the BSI Group.
After obtaining the initial certification last year, we published a post describing how we went about it and how we thought it had been a worthwhile effort.
Retaining ISO27001 meant not only maintaining the high standards against which you were certified in the first place, but also showing evidence of continuous improvement.
Here are some of the things that kept us busy over the last 12 months:
– Moving the primary data center to a new enterprise class Tier 4 facility
– Upgrading infrastructure for enhanced access controls and data segregation
– Extending the Comprehensive, Lightweight Application Security Process (CLASP) methodology implementation to include more automation and industry standard vulnerability management
– Introducing industry standard build and Continuous Integration (CI) tools, company wide, for all projects
– Improving High Availability and Sustained Resiliency procedures
More will follow in the next 12 months… To keep on top of a fast-evolving technology environment, you need to keep moving.
Last year, we answered an unequivocal “Yes” to the question “was this all worth the costs and efforts?”. Today, the answer would be the same:
– Internally, our Information Security Management System feels like a “well oiled machine”, making it easy to focus on continuous improvement;
– Externally, client-driven audits and pre-contract due-diligence have become perhaps not quite a dream, but certainly not a nightmare experience.
ISO27001 continues to be an important foundation to build Krescendo’s future.