Xait is awarded the Certificate of Conformity to the ISO 27001 standard after successfully passing an audit by PECB.
Xait demonstrates commitment to safeguarding sensitive and confidential data. Due to the expanding scope and volume of regulations, the way firms consume data and engage with their data providers is evolving, with new requirements for enhanced levels of flexibility and efficiency in their data management processes. Xait meets the highest international security standard. ISO 27001 is an internationally recognized information security management standard which ensures that a business has stringent processes in place to identify, manage and reduce risks to information security.
“Xait has adhered to the ISO 27001 standard for many years. It has helped us improve the information security for Xait and our clients in a structured way. On behalf of Xait, I am very pleased to receive a formal acknowledgement,” exclaims Mr. Hans Lie, CISO at Xait.
A quick look at the three most important areas ISO 27001 covers:
- An overarching process to ensure that information security controls continue to meet information security needs for both your organization and its customers on an ongoing basis.
- It designs and implements a comprehensive set of information security controls and other risk management measures to address those risks that are deemed unacceptable.
- It systematically examines the organization’s information security risks, taking account of the threats, vulnerabilities, and impacts, and has measures in place to manage or reduce them.
“Information is an extremely valuable asset that we handle with great care in Xait. When properly managed, it allows both Xait and our customers to operate with confidence. Xait’s information security management is an important part of our business model that ensures the confidentiality, integrity and availability of our customers’ information,” says CEO Mr. Owe Lie-Bjelland.
What is ISO/IEC 27001?
ISO/IEC 27001 formally specifies an Information Security Management System (ISMS), a suite of activities concerning the management of information risks (called ‘information security risks’ in the standard). The ISMS is an overarching management framework through which the organization identifies, analyzes and addresses its information risks. The ISMS ensures that the security arrangements are fine-tuned to keep pace with changes to the security threats, vulnerabilities and business impacts – an important aspect in such a dynamic field, and a key advantage of ISO27k’s flexible risk-driven approach as compared to, say, PCI-DSS.
The standard covers all types of organizations (e.g. commercial enterprises, government agencies, non-profits), all sizes (from micro-businesses to huge multinationals), and all industries or markets (e.g. retail, banking, defense, healthcare, education and government). This is clearly a very wide brief.
Certified compliance with ISO/IEC 27001 by an accredited and respected certification body is entirely optional but is increasingly being demanded from suppliers and business partners by organizations that are concerned about the security of their information, and about information security throughout the supply chain or network.