ISO/IEC 27001 is an international standard containing requirements for information security based on the global best practices for creating, developing and maintaining an information security management system in a company.
Given that Acsour’s business relates directly to the processing of personal data, it is not enough to have IT solutions alone. It is important for the company to have a genuinely functioning system for managing information security integrated with the company’s business processes and to consistently apply information security rules when new processes and information systems are developed. All these tasks have been addressed within the framework of the certification of the information security management system under the international standard ISO 27001:2013. Moreover, the company has been able to implement corporate risk assessment and risk management, together with the subsequent monitoring of the efficiency of the measures aimed at preserving the safety of information.
With internal business processes being set up in accordance with ISO 27001, Acsour has been able to enhance the sustainability of information systems, offer a shield against actual threats to information security, ensure the confidentiality of information and expand the company’s capacities and benefits for our clients.
“Acsour’s information security management system (ISMS) is constantly changing: not drastically (otherwise it would have been strange since the main principles were laid down at the initial stage), but the rate of evolution is always a pleasant surprise. In the second year of use we started to vigorously pursue the in-depth development of the ISMS. We have proceeded with consistent work on the risks identified. This is how we managed to cover one of the most significant risks, namely -complacency once we obtained the certificate. I am pleased to stress that this movement has also struck a chord with the management, including with their consent to allocate the (considerable) resources necessary to ensure such evolution. As a result, the situation has improved significantly, in particular with ensuring uninterrupted business operations (our own and, accordingly, our client’s business) as compared with the first year after certification”.
