Information security is one of the central interests of the modern organization. The volume and value of the data used in daily business is increasingly informing how organizations work and how they are successful. More and more companies are becoming ISO 27001 certified to protect and be seen.
ISO 27001 is an internationally recognized and independent specification for the Internet Security Management System. It provides a comprehensive checklist of security controls that will be considered for use in the context of the organization’s information security audit. ISO 27001 certification enables Interoute to demonstrate a safety management environment with robust information to manage safety and reduces the risk of consistent information in its operations.
Control areas of ISO 27001:
Security Policy Management: Interoute offers a full range of security policies that define the principles of security management in all of our operations, enabling us to achieve ISO 27001 certification for our certification center and the ISO 27001 certificate or national equivalent for data center operations in Amsterdam, Berlin, Geneva and Stockholm.
Asset management: Interoute maintains official inventories of information assets that must be protected by a comprehensive set of policies, processes and security controls. This details all services and components platform, with predefined functional maintenance owners, and is reviewed annually.
Physical and environmental security: Interoute’s business systems are maintained in an ISO 27001 certified data center with 24×7 security guards, camera surveillance and intrusion detection. Any physical access is limited to Interoute employees.
Communication and management: Interoute’s security policy addresses the correct and secure operation of information processing facilities to protect and maintain the integrity and availability of information and information processing facilities, thereby minimizing the risk of system failure. These include safeguards, segregation of duties and additional security solutions in both Interoute systems, available to customers based on requirements.
Access control: The Interoute security policy includes the logical and physical access controls, as well as functions of specific products to protect critical information. Access to data and systems is based on the principle of least privilege, and the rights granted are based on functional responsibilities. This is regularly reviewed to ensure safety compliance and includes a specific non-compliance indexing process.
Development and maintenance of systems: Interoute has integrated security at every stage of the system development lifecycle with questions or deviations that have degenerated into safety and risk management for assessment and remediation.