The ISO 27001 standard is an internationally recognized certification, awarded when a company or business follows best practices for information security. The standard is completely neutral and takes a demanding, risk-based approach to evaluating information security in organizations, covering IT structures, procedures and people.

Why is this ISO important?

This certification is not mandatory. Organizations that seek it do so because they want to give their clients a guarantee that their data is secure. For this reason, they undergo the most rigorous and demanding audits, which can make the difference in instituting best practices and procedures, in order to guarantee the best protection of their clients’ data, in addition to having an optimal security system. Globally, there are few companies that have achieved this standard and ISO 27001 certifications; according to, more than 27,000 companies by 2015 had achieved this, among which Vodafone, Pfizer and Xerox are mentioned.

How is the ISO 27001 certification obtained?

For ISO 27001 certification to be granted by authorized organizations such as Certification Europe, a series of requirements must be met, and a specialized evaluation must conclude that “information security” in the evaluated company is satisfactorily protected. The process is designed in three stages:

Stage 1: an informal analysis of the ISMS (Information Security Management System) to confirm that the key documents exist and are up to date. These include a corporate security policy, a risk treatment plan and a statement of applicability, that is, how the information security plan will be implemented.

Stage 2: ISMS tests are performed independently, against the requirements outlined in ISO/IEC 27001. Once examiners have determined that the company’s ISMS, procedures, and people have complied with the ISO 27001 standards, the company is awarded three years of certification.

Stage 3: the company undergoes continuous supervision during these three years through periodic audits, in order to confirm that the organization remains in accordance with the standard. This cycle is repeated every three years.

Mercury Cash is seeking ISO 27001 certification

Mercury Cash is a globally recognized financial services company with more than 14,000 clients, and it considers it important to have this “quality seal” for its information security processes. That is why Mercury Cash is preparing for ISO 27001 certification, which would give it a series of advantages. The most important are the following:

  • It significantly increases the company's prestige and customers' trust in it as a provider of financial services.
  • It indicates that the company has a certified management system that guarantees that its information security processes are structured and well-coordinated.
  • It shows customers and companies that all applicable legislation and all management, technological and legal controls are complied with, so ISO 27001 is much more than just a technological standard.

Customer benefits

Having “certified” security systems saves the client from having to carry out audits, since certification means that the system has already been audited by a third party. The certification ensures that the products and services are in accordance with the expectations and wishes of the clients. With regard to information security, the ISO 27001 standard assures clients that good practices are being used. The standard guards against the constant risks and threats posed by technology and computer criminals.

What do you think about this topic? Would our having ISO 27001 certification give you more confidence in the company?

If you want more information about our products and services, you can contact us or write your query below.

Image by Tim Van der Kuip via under creative commons license.
