CIRQ (the Certification Institute for Research Quality), an International Standards Organization (ISO) audit and certification body that is a subsidiary of the Insights Association, has recertified Information Specialists Group, Inc. (ISG) to ISO 27001, one of the most widely recognized and internationally accepted information security standards.
Accredited certification to ISO 27001 involves undertaking regular reviews and internal audits to ensure the continual improvement of the information security management system (ISMS). Bloomington, Minnesota-based ISG achieved its certification in 2019. The certification is verified annually by CIRQ’s independent audit establishing continued compliance and protection of data.
ISO 27001 provides a framework for companies to manage their data security. It establishes requirements for information controls to manage people, processes and technology. The standard covers the technological aspects of security as well as corporate security, physical security, etc., and relies on regular risk assessments that enable a company to consistently identify and treat security threats. ISO 27001 is accepted worldwide as an assurance that proper and continual measures have been taken to protect valuable company data.
“I am very proud of our team for embracing the ideals of ISO 27001 and structuring our processes and documentation in a way that kept data security in the forefront since we initiated this endeavor in 2019,” says Robert McGarry, Jr., president of ISG. “This focus has expanded into all facets of our operations and has made us a much stronger organization as a whole.”
“This is a significant milestone as it marks the completion of ISG’s first three-year certification cycle,” commented Juliana Wood, Managing Director of CIRQ. “This accomplishment underscores ISG’s commitment to data security and securing their clients’ trust.”
About ISO 27001
ISO 27001 provides requirements for establishing, implementing, maintaining and continually improving an information security management system. The information security management system preserves the confidentiality, integrity and availability of information by applying a risk management process and gives confidence to interested parties that risks are adequately managed. It is important that the information security management system is integrated with the organization’s processes and overall management structure and that information security is considered in the design of processes, information systems, and controls. It is expected that an information security management system implementation will be scaled in accordance with the needs of the organization. This International Standard can be used by internal and external parties to assess the organization’s ability to meet information security requirements. ISO 27001 can be mapped to other information security schemes such as HITRUST, NIST and SOC 2. Compliance with the standard also enables a company to meet global security laws, such as the NIS Directive and the GDPR.