We believe that information security is a fundamental building block of our business. To help us handle information security in a structured manner, both in our technical operations and business processes, we choose to follow the ISO 27001 security standard. Our certificate, number IS 599234, was issued by BSI.
About our ISO27001 certification
The ISO/IEC 27001 standard specifies the requirements to establish, implement, maintain and continually improve an information security management system within the context of the organisation. It also includes requirements for the assessment and treatment of information security risks tailored to the needs of the organisation.
As part of the certification process, we implemented an Information Security Management System (ISMS), based on the ISO27001:2013 standard. The objective of the ISMS is to protect the confidentiality, integrity and availability of the information we receive, process and store in the EURid environment. The ISMS follows a risk-based approach to ensure that we can:
- Identify information security risks through an appropriate risk assessment process;
- Select controls (policies, standards, procedures and technical measures) to reduce the identified risks to an acceptable level;
- Regularly audit, review and maintain the controls and keep them up to date to cope with emerging threats and risks.
We evaluate information security risks taking into account the confidentiality, integrity and availability requirements of EURid's information assets.
For more information on the ISO standards and ISO27001 specifically, see http://www.iso.org.