ASACERT certifies Information Security Management Systems whose purpose is to provide confidentiality, integrity and availability for all information circulating within and held by a company. ASACERT certifies Information Security Management Systems against the ISO/IEC 27001 standard, consistently with the standards for quality, environmental and occupational health and safety management systems.
ISO 27001 is an international standard that establishes the requirements for an Information Security Management System (ISMS), covering in particular its physical, logical and organizational security aspects.
ISO 27001 is the certification standard to which an organization should refer when implementing an Information Security Management System that can be certified by an independent certification body. The standard is applicable to all private and public companies.
Since information is an asset that adds value to the company, and most information is now stored electronically, every organization must be able to guarantee the security of its data, in a context where the risks arising from breaches of computer security systems are constantly increasing. The aim of the ISO 27001 standard is precisely to protect data and information from threats of all kinds, ensuring their integrity, confidentiality and availability, and to set out the requirements for adopting an information security management system (ISMS) that manages sensitive corporate data effectively.
The structure of ISO/IEC 27001 is consistent with that of the ISO 9001 Quality Management System and with risk management. It is process-based and built around a security policy; risk identification, analysis, evaluation and treatment; review and reassessment of risks; the PDCA model; and the use of procedures and tools such as internal audits, non-conformities, corrective and preventive actions, monitoring and continuous improvement.
Compliance with ISO 27001 does not relieve an organization of the obligation to comply with the minimum security measures and to produce the documentation required by the Privacy Law.
The main difference between the Privacy Law and the ISO 27001 standard is that the Privacy Law protects sensitive personal data, whereas ISO 27001 also covers business data that must be safeguarded in the organization's own interest.