ISO27001

What is ISO27001?

ISO27001 is the internationally recognised best practice framework certification for an information security management system (ISMS). 

Paradise Computing Ltd is ISO 27001:2013 certified as follows:

Scheme/Standard: ISO 27001:2013

Certificate/Licence number: IS 502608

Scope: The Information Security Management System in relation to the provision of managed application hosting services via 3rd party and internal hosting solutions.

This certification assures you that:

• The company running the centre have developed an Information Security Management System (ISMS) which has been successfully tested and audited by an external auditor.
• Proper thought has been given to all aspects of data security, including physical and environmental issues as well as digital and electronic threats.
• That the company regularly reviews it's procedures and policies to ensure it is current.

Eleven areas are covered within ISO27001:

1. Information Security Policy
   Is there management direction and a written policy to provide support and direction for information security activities?
2. Organisational Security
   Is there an infrastructure to manage security within the organisation? includes management forum and processes, third party access and outsourced arrangements?
3. Asset Management
   Are organisational assets protected? Includes inventory and classification.
4. Human Resources Security
   Are the risks of human error or fraud reduced? Includes personnel screening and T&C's, security training and incident reporting.
5. Physical and Environmental Security 
   Is unauthorised access to business premises controlled? Includes physical security, secure areas, equipment security, maintenance and disposal.
6. Communications and Operations Management 
   Are information processing facilities operated in a correct and secure manner – Includes operating procedures and change control, system planning, protection against malicious software, backup, media handling, information exchange, and email security.
7. Access Control 
   Is access to business information and processes controlled on the basis of business and security requirements? Includes user and password management, mobile users, access to applications and network services.
8. Information Systems 
   Is security is built into information systems? Includes development and support processes, cryptography and data validation.
9. Incident management 
   Are events and weaknesses reported, and are events consistently managed?
10. Business Continuity 
    Are critical business processes protected from the effects of major failures or disasters?
11. Compliance 
    Does the firm take measures to avoid breaches of law, statutory, regulatory or contractual obligations

Paradise Computing & ISO27001

Paradise is audited by BSI and has been certified since 2006 having achieved the ISO27001 standard.

In addition to providing a world-standard service this enables Paradise to provide you with a copy of our certification which can help greatly with issues of compliance to quality systems.