Recently, we took proactive steps to make our information security management systems ISO compliant. Electrum Head of Operations Ferdi Immelman writes about how this translates into significant security advantages for our clients.
Electrum recently completed the ISO/IEC 27001:2013 compliance process. We chose to bring our organisation in line with this international standard because we’re serious about protecting our clients and ensuring that customer data is fully secured. By doing so, we also eliminate the need for new customers to conduct their own security audits.
The ISO/IEC 27001:2013 standard is an information security standard that covers three main areas: data confidentiality, data integrity, and service availability. Now that Electrum is compliant, we’re better prepared to combat data leaks, unauthorised access, fraudulent manipulation of data, and attacks that threaten to disrupt our service.
ISO compliance signals a new level of maturity for Electrum because it’s an opportunity to embed security into our processes, rather than just ticking boxes and carrying on as usual. For example, the mandatory secure code training required by ISO serves to remind our developers of this critical component of their job. In the thick of development and code reviews, it’s understandable – and only human – that a developer might neglect code security. But ISO compliance means that we’re benchmarked against best practice coding standards, helping to drive home the importance of security in all of our code.
Over 18 months, we worked with top external consultants to reach full compliance with the standard. During this time, we completed an internal gap analysis, designed and developed an information security management system (ISMS) according to the ISO framework, and deployed the new processes throughout the entire organisation. One of the new processes is static code analysis, which detects software bugs, scans for vulnerabilities, checks dependencies, and passes the code through quality gates. Compliance with ISO/IEC 27001:2013 is valid for three years, with annual assessments.
Personally, I’m ecstatic that we’re now compliant because it validates the effort we’ve put into protecting our customers’ services and data, and it means I sleep better knowing we’re all properly protected.
If you’d like to talk about how our ISO compliance improves security for your customers, get in touch with us.