Sovereign Business Integration Plc Awarded ISO/IEC 27001:2005 Certification – the Internationally Recognised Standard for Information Security

20 February 2012

 

Sovereign Business Integration plc, the independent IT services and business solutions specialist, has been assessed and certified as meeting the requirements of the International Organisation for Standardisation/International Electrotechnical Commission (ISO/IEC) 27001:2005 standard. This certification acknowledges senior management commitment and the resources available to implement, manage and maintain a stringent and secure Information Security Management System. 

Information and the supporting processes, systems and networks are important business assets and need to be protected from security threats such as computer-assisted fraud, espionage, sabotage, vandalism, fire or flood. This is a particularly important recognition for Sovereign in its offering of business-focused, premium quality data centre and colocation services for business-critical applications.

Richard Barker, CEO, Sovereign Business Integration comments, “ISO/IEC 27001:2005 provides assurance to our clients that Sovereign continues to maintain and enforce high levels of control to protect client information. The certification displays our continued commitment to assessing potential threats to the confidentiality, integrity and availability of our clients’ data and an acknowledgment of how we view our responsibility to minimise any risks that would impact on the smooth running of day to day operations; this is particularly key for those clients to whom we provide colocation, hosting, managed IT and outsourced IT services.”

The basic objective of the ISO/IEC 27001:2005 standard is to help establish and maintain an effective Information Security Management System, using a continual improvement approach. It reflects the principles of the OECD (Organisation for Economic Cooperation and Development) guidance on the security of information and network systems and implements the Plan-Do-Check-Act (PDCA) model.

With causes of damage such as malicious code, computer hacking and denial of service attacks now more common, more ambitious and increasingly sophisticated, the protection of data is key. Sovereign continues to recognise and improve upon its information security, as Barker explains, “Attaining the ISO/IEC 27001:2005 certification involved the enhancement of the set of controls in place for information security.”

Barker continues, “We enforced policies, processes, procedures, organisational structures and software and hardware functions. These controls need to be firmly established, implemented, monitored, reviewed and improved where necessary to ensure that the specific security and business objectives of the organisation are met. This is done in conjunction with other business processes, as well as employee education on identification and reporting of potential risks.”

Steps taken to achieve the certification include:

  • Risk assessment to identify any threats to Sovereign’s assets, the vulnerabilities of those assets, the likelihood of each threat occurring and the potential impact on business operations
  • Implementing the Information Security Management System to enhance the existing set of controls including policies, processes, procedures, organisational structures and software and hardware functions
  • The introduction of the role of Quality and Information Security Manager to ensure all aspects of the Information Security Management System are maintained
  • Employees made aware of procedures, policies and responsibilities regarding information security and the reporting of security incidents if they occur
  • Continual search for ways to improve processes and procedures through internal and external audits
  • Implementation of effective Business Continuity plans in the event of a disaster, which may affect the running of normal business operations

Barker concludes, “Sovereign’s achievement of the ISO/IEC 27001:2005 certification displays our ongoing commitment to information security and reinforces how seriously we view data protection. It provides a level of assurance to our clients and prospects that the entire Sovereign team remains aware and educated in the correct methods of handling their data appropriately.”
