Information Security

Full version of certificate

ADD Grup fulfills the requirements of ISO/IEC 27001:2013 – Information technology – Security techniques – Information security management systems – Requirements.

Using this standard helps our company manage the security of assets such as financial information, intellectual property, employee details or information entrusted to us by third parties.

ISO/IEC 27001 requires that management:

- Systematically examine the organization's information security risks, taking account of the threats, vulnerabilities, and impacts;

- Design and implement a coherent and comprehensive suite of information security controls and/or other forms of risk treatment (such as risk avoidance or risk transfer) to address those risks that are deemed unacceptable;

- Adopt an overarching management process to ensure that the information security controls continue to meet the organization's information security needs on an ongoing basis.

Application of this standard regulates the following aspects:

- Security policy;
- Organizational methods for ensuring information security;
- Resource management;
- Users of the information system;
- Physical security;
- Management of communications and processes;
- Access control;
- Acquisition, development and maintenance of information systems;
- Management of information security incidents;
- Continuity management;
- Compliance with the requirements.

Issues that are solved with implementation of ISO/IEC 27001:

Potential information breach, damaging reputation
- It requires us to identify risks to our information and put in place security measures to manage or reduce them
- It ensures we implement procedures to enable prompt detection of security breaches
- It is based around continual improvement, and requires us to regularly review the effectiveness of our information security management system (ISMS) and take action to address new and emerging security risks

Availability of vital information at all times
- It ensures that authorized users have access to information when they need it
- It demonstrates that information security is a priority, whilst reassuring stakeholders that a best practice system is in place
- It makes sure we continually improve our information security provisions

Confidence in the company's ability to manage information security risks
- Gives a framework for identifying risks to information security and implementing appropriate management and technical controls
- Is risk based – delivering an appropriate and affordable level of information security

Difficulty in responding to rising customer expectations in relation to the security of their information
- It provides a way of ensuring that a common set of policies, procedures and controls are in place to manage risks to information security
- It gives us a straightforward way of responding to tender requirements around information governance

Responsiveness to rising customer expectations in relation to the security of their information
- It ensures senior management recognize information security as a priority and that there is a clear tone from the top
- It requires us to implement a training and awareness program throughout the company
- It requires management to define ISMS roles and responsibilities and ensure individuals are competent to perform their roles