Information Security at Now ISO 27001-Certified

Isabella Mysicka Jan 12, 2016

All IT systems – smartphones, tablets, notebooks, workstations, individual server systems, or even extensive cloud systems – have seen a steady rise in abuse in recent years. The global networking of devices over the internet is creating threats that would have been unthinkable not too long ago. Today, countless cybercrime activities are showing how easy it is for cybercriminals to take advantage of the IT systems of users, who are often completely unaware.

This is drawing more attention to the question of whether data is secure at all these days, as well as where and how certain data can be stored safely. As a consequence, providers like that save and process data are also coming under increasing pressure to guarantee information security. Another key aspect involves audits of these measures by an independent, external party. There is a widely accepted and used standard for information security: ISO 27001.

A comprehensive risk analysis of all areas of a company is essential to an integrated information security approach in compliance with ISO 27001. In addition to the tangible aspects, companies must also define technical and organisational measures for ensuring the availability, integrity and consistency of data.

An audit performed by a certification authority involves reviewing whether the measures that are in place meet the risk management requirements, whether they are applied as defined and whether they are documented accordingly. All this was checked at during a four-day audit carried out by the certification authority SwissTS in November 2015. We are very excited to have received this additional ISO certification!

We would also like to emphasize that successful information security depends on the location of the data and therefore the physical features of the data centre. A secure data centre, however, is just one small aspect of physical information security and, by itself, is no guarantee of ironclad information security. In our view, it would therefore be careless to have only the data centre inspected by the certification authority, which is why we decided to certify the entire company. This will allow to ensure documented, seamless information security in line with ISO 27001.

Philipp Koch is the CEO and co-founder of Nine Internet Solutions AG.