CIRQ (the Certification Institute for Research Quality), an International Standards Organization (ISO) audit and certification body that is a subsidiary of the Insights Association, has awarded certification to Rochester, NY-based KJT Group, Inc. for compliance with the new ISO/IEC 27001:2022, the widely recognized and internationally accepted information security standard.
ISO/IEC 27001:2022 is an update to the 2013 version of the ISO 27001 standard. The older version will not be accepted for certification after Spring 2024. In May, CIRQ became one of the first bodies accredited by the American National Standards Institute (ANSI)’s National Accreditation Board (ANAB) to issue ANAB-accredited ISO/IEC 27001:2022 certificates.
The updated 27001:2022 standard establishes new control areas and more specific requirements for such activities as:
- Threat intelligence
- Information security for use of cloud services (processes for acquisition, use, management, and exit)
- Web filtering (access to external websites managed to reduce exposure to malicious content)
- Secure coding
Regarding “threat intelligence”, the new standard requires organizations to gather and analyze information about threats, so that they may continually be prepared to take action and mitigate risk.
“All companies certified to the previous standard – ISO 27001:2013 – must now transition to the updated ISO 27001:2022 framework,” explained Juliana Wood, Managing Director of CIRQ. “KJT was proactive in moving ahead quickly with certifying to the new standard. They are among the first companies in the market research sector to achieve this distinction.”
“In response to escalating cybersecurity threats and reliance on cloud computing and services, KJT recognized the urgent need to transition to the updated ISO 27001:2022 standard. This strategic shift was vital to not only safeguard KJT but also enhance the security posture for our clients,” said Param Singh, IT & IS, Sr. Director at KJT Group. “Having started our ISO27001 journey in 2020, continuing with the revised standard underscores our unwavering commitment to Information Security.”
“While we’re obviously thrilled to have our ISMS certified to ISO 27001:2022, we found that the adaptation to the updated standard and particularly the new controls around threat intelligence and the usage of cloud service providers provided a new lens to help evaluate the risks facing KJT,” commented Andrew Phillips, Information Security, Sr. Manager. “The transition was a great opportunity to strengthen current processes and establish new, meaningful controls.”
ISO 27001 provides a framework for companies to manage their data security. It establishes requirements for information controls to manage people, processes, and technology. The standard covers the technological aspects of security as well as corporate security, physical security, etc., and relies on regular risk assessments that enable a company to consistently identify and treat security threats. ISO 27001 is accepted worldwide as an assurance that proper and continual measures have been taken to protect valuable company data.
Founded in 2007, KJT is an evidence-based consulting firm focused specifically on healthcare. Whether it be identifying market opportunities, commercializing new products, or optimizing existing products within the competitive landscape, KJT has helped hundreds of clients in the health services, medical device, pharma, and biotech industries to meet their growth goals, while improving patient outcomes.
A subsidiary of the Insights Association, CIRQ (the Certification Institute for Research Quality) was established to provide assessment and certification services to market research firms seeking certification to ISO 20252, ISO 27001, and ISO 27701. A non-profit entity, CIRQ is committed to providing timely, thorough, and impartial assessments of its customers' research process management or information security management systems regarding certification to corresponding standards. CIRQ was established in compliance with all ISO requirements for certification bodies that provide auditing and certification services and is fully accredited by ANSI’s National Accreditation Board. To conform to its mandate of objective and impartial audits to these ISO standards, CIRQ is independently operated and managed under the oversight of an independent Board of Directors and submits to annual moderation by external authorities on ISO certification bodies.