ISO/IEC 27001:2013 is a security management standard that specifies security management best practices and comprehensive security controls following the ISO/IEC 27002 best practice guidance.
The basis of this certification is the development and implementation of a rigorous security program, which includes the development and implementation of an Information Security Management System (ISMS) which defines how Gravicus perpetually manages security in a holistic, comprehensive manner.
This widely-recognised international security standard specifies that Gravicus does the following:
- We systematically evaluate our information security risks, taking into account the impact of threats and vulnerabilities.
- We design and implement a comprehensive suite of information security controls and other forms of risk management to address customer and architecture security risks.
- We have an overarching management process to ensure that the information security controls meet our needs on an ongoing basis.
Gravicus has certification for compliance with ISO/IEC 27001:2013. This certification is performed by independent third-party auditor.
Our compliance with this internationally-recognised standard and code of practice is evidence of our commitment to information security at every level of our organisation, and that the Gravicus security program is in accordance with industry leading best practices.