CSC passed the eye of the needle - ISO/IEC 27001 certification renewed - CSC passed the eye of the needle - ISO/IEC 27001 certification renewed
CSC has been awarded the highly valued international ISO/IEC 27001 certificate for Information Security Management System for the next three years. The certification covers data centers, ICT platforms, long-term preservation and IaaS cloud services. This recertification audit, done every three years, was performed by Inspecta Ltd.
In the audit zero major non-conformities and zero minor non-conformities were found, but many good suggestions for improvement were noted.
Years of persistent work for development
The ISO/IEC 27001 standard for Information Security Management Systems covers a comprehensive set of requirements for security and management. The company to be certified must comply with these and the requirements must be in use, known, documented, approved by the management and continuously improved. There is also a list of 114 controls to be applied by the company.
Leading international IT service providers, including the major cloud providers, have obtained the ISO /IEC 27001 certification. The standard covers for example risk management, physical security, HR security, computer and communications security, system development, business continuity and disaster recovery. CSC has had the certification since 2013.
"It has been great to see the development from a vision on security to transform into best practices and everyday administration work, says Tero Tuononen, director in charge of CSC's ICT platforms.
Implementation of information security widely put into production
The external auditors noted that management and personnel seem to be tightly prepared to develop the information security and the implementation of information security has been widely put into production, and good practices exist. Also, awareness of security requirements for partners and the steering in security issues was in good level.
"I am so happy and proud over the fact that we passed the audit so well. People representing executive management and supervisors as well as experts were interviewed during the audit – in total 33 persons – and they all showed solid commitment to good management and best security practices, says Urpo Kaila, Head of Security at CSC.
Head of Security, CSC
Vice Managing Director, CSC