As a business optimisation systems supplier to infrastructure and utility organisations, Servelec Systems viewed information security of clients’ data as paramount, as much of the information exchanged during the business process is confidential and classified.
For years, the groundwork for an Information Security Management System (ISMS) has been done before deciding to certify the company to ISO 27001:2005. Accreditation to ISO 27001:2005 has recently been awarded to Servelec Systems.
Besides ISO 27001, Servelec Systems also operates in accordance with the ISO 9001 Management System, and develops products in compliance with ISO 27019.
“ISO 27001 sets out on how we manage information security within our business to protect against loss of information, to ensure that all the information we use in our day to day jobs is secure and protected. There are many examples of how this is achieved in our daily work, and the team has worked very hard to ensure that we have the correct procedures in place for all employees and suppliers to follow. This may include, for example, tethering laptops, locking away all information in the office when the office is unmanned, protection and backing up of information, enabling passwords on confidential documents and software, etc.” summarised Gavin Rawson, Security Officer of Servelec Systems, on the essence of the ISMS.
Integrating the ISMS also involves detailing, formalising, documenting and training of mandatory procedures and codes of practises to all staff, together with non-exhaustive list of IT security implemented across the organisation’s functions such as Administration, HR, R&D, Project Management, Customer Support, Sales and Marketing, and other support functions.
According to Rawson, the key to integrate ISO27001 into working practices and procedures is to instigate and create awareness, to both internal and external stakeholders of the company, of the responsibility to secure and protect assets and customers information. It is a role to be played at the front line in order to protect customers’ data with regards to Servelec Systems’ installed products so that customers should feel confident and secure when dealing business with the company.
As security is an on-going challenge, considerations have also been made for further security measures such as ISO27019 for Servelec Systems Ltd products, as well as monitoring other security standards such as the NERC CIP and new NIST framework security standards.
“We believe that a secure approach to manage the security of our business operation goes hand in hand with the development of a secure product that integrates into our customers’ business and security infrastructure”, concluded Neil Butler, Managing Director of Servelec Systems.
Division: Servelec Technologies
Category: Systems, Technologies