At Menerva Software, securing our customer’s information has always been of paramount importance to us. So, it is with immense pride that we announce that our company is now ISO/IEC 27001:2013 certified. This certification by the BSI is an important milestone in our journey as a data analytics company. It is something we have been working towards as a team from our inception. Being a custom data software company means that a significant amount of information passes through our systems. We’ve always been vocal about safeguarding this data by establishing uncompromising standards, norms, and procedures. But as the saying goes, ‘The proof is in the pudding’ and our ISO 27001 certification just goes to show that we have walked the talk too.
About ISO/IEC 27001 and its significance
Simply put, ISO/IEC 27001 is a standard for businesses to handle information securely. The norms were jointly penned by the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC). Significantly, both these global organizations have been around for over 75 years and are helmed by experts in the field of information security. The manual was first published in 2005. The joint committee later updated and re-published it in 2013 with stricter norms (hence the name ISO/IEC 27001:2013).
At present, it is the only universally recognized, auditable security benchmark that can evaluate a business’s ability to protect vital employee, customer, and other confidential information. Consumer agencies in over 200 countries worldwide trust these security controls. And, as businesses become more globally connected, this number is only set to go up. In fact, according to the ISO, certifications increase by over 75% every year in the US alone.
It should be noted that having an ISO/IEC 27001 certification is not mandatory for businesses to operate. For us at Menerva Software though, it most certainly is.
As its name implies, the British Standards Institute (BSI) is a premier benchmark-setting organization. The institute was established in 1901 in the United Kingdom. Interestingly, the company’s first published standards were on steel sections used for tramways. Since those humble beginnings, the institute’s benchmarks and best practices have grown to become the gold standard for quality and assurance globally. Over 180 countries worldwide now use BSI’s standards.
Apart from issuing standards, they now also certify organizations that meet their high criteria. Today, they have the accreditation required to issue certifications on everything from occupational health (OHSAS 18001), and environmental management (ISO 14001) to sustainable event management (ISO 20121) and, of course, information security (ISO 27001).
How Menerva Software achieved its ISO/IEC 27001:2013 certification
To achieve this certification, we first created an ISO/IEC-compliant Information Security Management System or ISMS. We established security baselines and developed and implemented a risk management process. In addition, we provided training and awareness programs for our staff and conducted regular internal audits to measure the effectiveness of our controls. Next, we submitted our ISMS to a 2-step audit process conducted by the BSI where they examined our system’s documentation and its ability to practically implement security measures. The auditors followed this up with a thorough on-site assessment to measure compliance with ISO-27001 standards.
We are happy to report that our ISMS passed this scrutiny with flying colors!
What does this mean for our customers?
The first and foremost upshot for our customers is that they can rest easy knowing that their information is in good hands. We hope this certification will assure them that Menerva Software will always treat their data with integrity and confidentiality. Importantly, in addition to the security processes in place for our IT infrastructure, all staff, contractors, and intermediaries must also clear security thresholds to use our systems. We do this to lessen the likelihood of weak spots in our system. Second, our customers can be sure that they can safely access their own data whenever and wherever they want to. Other than that, nothing else changes! Our customers will continue to receive the same level of attention, transparency, punctuality, and quality that they’ve come to expect from us at Menerva Software.
What does this mean for Menerva Software?
While this is an important achievement for us, it is by no means the end of the road. After all, resting on our laurels is not the Menerva style! We remain committed to maintaining and improving our security systems every day. Our aim is to create a ‘culture of security’ within the company that is reflective of the credence we give to protecting company and customer data. With all our security processes in place, it is also now easier for us to be vigilant and proactive in protecting our customer’s intellectual property. As before, we remain focused on maintaining our rigorous monitoring and internal auditing systems too. The ISO 27001 certification has set the bar for us. We at Menerva Software aim to clear it every time.