“According to the rules, certificates are awarded for a period of three years, after which the company must once again go through a complete certification procedure. The requirements are very rigorous, since the re-audit must demonstrate that the company not only maintains its standards for information security management, but also improves them at all times.” – said Marta Kotwis, The Commissioner for Information Security Management System.
“We are proud that we were able to confirm that. It is a way of expressing the special attention we give to customers' data security and a guarantee of full protection of their privacy, which we have been nurturing for over 5 years now.” – she adds.
In contrast to the so-called annual re-certification audits, which aim to monitor whether the company keeps previously declared standards, the certification audit verifies once again, from scratch, the way the company operates. It covers all areas related to the provision of adequate information security, such as legal, technical and organizational matters, as well as procedures related to ensuring business continuity.
The audit of FORDATA lasted three days and was conducted by BSI Group, a leading independent certification body that carries out audits and certifications in the field of Systems Management.
PN-ISO/IEC 27001:2005 is an international standard for Information Security Management Systems in companies. It encompasses a set of procedures within the following fields:
2. Organising information security
3. Asset management
4. Human resources security
5. Physical and environmental security
6. Operations systems and networks management
7. Access control
8. Business continuity management
9. Information systems acquisition, development and maintenance
10. Information security incident management