Hybrid IT systems integrator and managed services provider, Datacentrix, has successfully achieved certification to the International Organisation for Standardisation’s (ISO) information security standard 27001:2013, as well as proving compliance with two cloud-related best practice standards.
Ahmed Mahomed, CEO at Datacentrix, explains: “The company recently underwent a surveillance audit of its information security management system (ISMS) and cloud offerings and received internationally recognised assurance of its commitment to the security and privacy of its customers’ data.”
ISO/IEC 27001:2013 is the recognised standard for computer security, physical security, broader cybersecurity and privacy, as well as a guideline for best practices. Importantly, several of the ISO 27001 requirements also fulfil those for compliance with the European Union’s (EU) General Data Protection Regulation (GDPR), the United Kingdom’s (UK) Data Protection Act and the local Protection of Personal Information Act (POPIA).
“Implementing ISO 27001 demonstrates to regulatory authorities that Datacentrix takes the security of information it holds seriously and, having identified the risks, has done as much as is reasonably possible to address them.
“There has been much discussion surrounding the implementation of compliance with these laws and regulations, including the potential impacts of security risks,” he says. “Establishing an ISMS that adheres to the internationally recognised best practice framework of ISO/IEC 27001:2013 helps reduce the likelihood of breaches, demonstrates the controls we have in place, and allows us to react to these security risks faster.”
Datacentrix chose to extend its audit to include ISO/IEC 27017:2015, a security standard developed for cloud service providers and users to deliver a safer cloud-based environment and reduce security risks, and ISO/IEC 27018:2019, a code of practice that focuses on protection of personal data in the cloud.
The ISO/IEC 27017:2015 framework provides cloud users with practical information on what should be expected from cloud service providers like Datacentrix, outlining the shared roles and responsibilities of the cloud, and also verifying that cloud services are being effectively utilised.
ISO 27018:2019 is a certification awarded to companies that take rigorous measures to protect personally identifiable information (PII). This could include contact details, bank statements, IP addresses and medical records. A company that is certified to be ISO 27018:2019-compliant on an annual basis has proved that it provides the highest possible level of protection for personal data, and is actively identifying and mitigating risks.
“In line with our acceleration into the hybrid IT space, providing local businesses with a multi-cloud, multi-vendor ecosystem, Datacentrix felt that it was important to provide its employees and clients with the correct tools to make the most informed business decisions, while also assuring customers that information processed in the cloud is highly secure.”
For more information visit www.datacentrix.co.za.