ISO 27001:2013 - Information Security Management Systems (ISMS)

ISO 27001:2013 is the latest version of the ISO’s (International Organisation for Standardisation) common framework to manage information security within an organisation. Based on the ISO’s new high-level control structures, the standard is designed to be even more compatible with other available management system standards (e.g. ISO 9001 Quality / ISO 20000 Service). In addition, and more importantly to Calligo, the update takes into account the fast-changing world of information security, where cybercrime, cloud computing and smart devices have changed the landscape on a large scale. To deal with all of these, it recognises more than ever the real need for best-practice standards when applying information security controls.

The basic objective of the ISO 27001 standard is to help establish and maintain an effective information security management system that has a defined continual improvement approach to ensure it can grow and change along with the business and the technologies used.

There are 114 controls across 14 groups that need to be addressed to achieve certification. Calligo’s ISMS has been built with these controls at the core of our framework, ensuring each and every one is addressed across our network.

Calligo’s implementation of ISO 27001:2013 has once again been delivered throughout the entire company. By doing this we effectively place security at the heart of our operation and make every employee at Calligo responsible for it. Our global platform is designed, built and managed under our ISMS, ensuring that we continue to maintain the highest levels of security and privacy regardless of jurisdiction.

We use our ISO 27001:2013 ISMS to protect the confidentiality, integrity and availability of the information assets that are stored within our platform. This is done by finding out what potential problems could arise with the information (i.e. risk assessment) and then defining what needs to be done to prevent these issues from occurring (i.e. risk treatment). The core of ISO 27001:2013 is managing risks: identifying them and treating them with minimal disruption to our clients.
