BLOG

July 7 2019

ISO 27001 certified datacenter. ISO 27001 compliance

What is ISO 27001 certification? How Important Is It For A Hosting Provider?

Datacenter ISO 27001 Certificates Banner

ISO 27001 compliance is the most common and most relevant for providing requirements for an information security management system (ISMS).

First introduced in 2005, the ISO family of standards for information security management has received more attention recently as a result of increasing data breaches and security outages. However, they are still not as popular as HITRUST or SOC 2 audits, so in this post we will be talking specifically about ISO 27001, who it affects and what compliance means for your organization.

What is ISO 27001?

ISO 27001 is a compliance regulation like PCI or HIPAA. There are a dozen standards within the ISO family, but 27001 is the most common and most relevant for providing requirements for an information security management system (ISMS). ISO standards were first introduced in 2005, but were revised in 2013.

Obtaining an ISO 27001 accredited certification demonstrates that your company is following information security best practices and provides independent, qualified control that information security is managed in line with international best practices and business objectives.

What is an ISMS?

Essentially, an ISMS is how you decide to move closer to protecting your sensitive data. Such data may include financial records, medical information, internal employee data, or other information entrusted to you by a third party. Your ISMS is not just the data itself, but also the people, processes and technology that surrounds it and includes a risk management process. The goal of the ISMS is to help organizations protect their information.

Do I need ISO 27001 compliance?

ISO 27001 is required in many government areas, public administrations and even SMEs since the advent of the European data privacy law, better known as the GDPR.
If you handle personally identifiable information (PII) or use a hosting provider that does, it's really something you (or they) should have. An ISO certification shows you, your customers, and your board of directors that you or the hosting provider you work with take data security very seriously.

What does an ISO 27001 audit review mean?

Here are the controls you will measure yourself against:

  1. ISMS scope
  2. Information security policy
  3. Information risk assessment process
  4. Information risk treatment process
  5. Information security goals
  6. Proof of the proficiency of people working in information security
  7. Other documents related to the ISMS deemed necessary by the organization (optional?)
  8. Operational planning and control documents
  9. Results of information risk assessments
  10. Decisions concerning the treatment of information risk
  11. Evidence of information security monitoring and measurement
  12. ISMS internal audit program and related results
  13. Evidence of the reviews of the general management of ISMS
  14. Evidence of the style of non-compliance identified and resulting corrective actions

As you can see, ISO 27001 covers information security in depth. But keep in mind that the company you choose that will check you against these standards offers an opinion that you meet them, so make sure you choose reputable auditors who understand the controls thoroughly.

Who is involved in achieving ISO 27001 compliance?

Since ISO is a management standard, it means that all members of the management team are involved, not just the IT department. This includes the CEO, CFO, and anyone else on your team. Having the entire management team part of the process makes it much easier to enforce security controls and a compliance culture at all levels because each department is actively involved in achieving compliance.

Looking for an ISO 27001 compliant cloud, hosting or dedicated service provider?

We work only and exclusively with companies and datacenters in possession of this ISO 27001 certification. If you work with us you will have all the certificates of compliance and full compliance with the GDPR.

About the author

Born in 1981 and internet user since 1994, electronic and electrotechnical expert in the telecommunications sector, I attended the degree course in Information Technologies at the University of Camerino. I have been a GNU Linux systems engineer since 2005. Founder and majority shareholder in Managed Server Srl, I am focused on Linux systems engineering and the web performance of the main CMS including WordPress / WooCommerce / Prestashop / Magento.

Do you have doubts? Don't know where to start? Contact us!

We have all the answers to your questions to help you make the right choice.

Chat with us

Chat directly with our presales support.

0256569681

Contact us by phone during office hours 9:30 - 19:30

Contact us online

Open a request directly in the contact area.

INFORMATION

Managed Server Srl is a leading Italian player in providing advanced GNU/Linux system solutions oriented towards high performance. With a low-cost and predictable subscription model, we ensure that our customers have access to advanced technologies in hosting, dedicated servers and cloud services. In addition to this, we offer systems consultancy on Linux systems and specialized maintenance in DBMS, IT Security, Cloud and much more. We stand out for our expertise in hosting leading Open Source CMS such as WordPress, WooCommerce, Drupal, Prestashop, Joomla, OpenCart and Magento, supported by a high-level support and consultancy service suitable for Public Administration, SMEs and any size.

Red Hat, Inc. owns the rights to Red Hat®, RHEL®, RedHat Linux®, and CentOS®; AlmaLinux™ is a trademark of AlmaLinux OS Foundation; Rocky Linux® is a registered trademark of the Rocky Linux Foundation; SUSE® is a registered trademark of SUSE LLC; Canonical Ltd. owns the rights to Ubuntu®; Software in the Public Interest, Inc. holds the rights to Debian®; Linus Torvalds owns the rights to Linux®; FreeBSD® is a registered trademark of The FreeBSD Foundation; NetBSD® is a registered trademark of The NetBSD Foundation; OpenBSD® is a registered trademark of Theo de Raadt. Oracle Corporation owns the rights to Oracle®, MySQL®, and MyRocks®; Percona® is a registered trademark of Percona LLC; MariaDB® is a registered trademark of MariaDB Corporation Ab; REDIS® is a registered trademark of Redis Labs Ltd. F5 Networks, Inc. owns the rights to NGINX® and NGINX Plus®; Varnish® is a registered trademark of Varnish Software AB. Adobe Inc. holds the rights to Magento®; PrestaShop® is a registered trademark of PrestaShop SA; OpenCart® is a registered trademark of OpenCart Limited. Automattic Inc. owns the rights to WordPress®, WooCommerce®, and JetPack®; Open Source Matters, Inc. owns the rights to Joomla®; Dries Buytaert holds the rights to Drupal®. Amazon Web Services, Inc. holds the rights to AWS®; Google LLC holds the rights to Google Cloud™ and Chrome™; Facebook, Inc. owns the rights to Facebook®; Microsoft Corporation holds the rights to Microsoft®, Azure®, and Internet Explorer®; Mozilla Foundation owns the rights to Firefox®. Apache® is a registered trademark of The Apache Software Foundation; PHP® is a registered trademark of the PHP Group. CloudFlare® is a registered trademark of Cloudflare, Inc.; NETSCOUT® is a registered trademark of NETSCOUT Systems Inc.; ElasticSearch®, LogStash®, and Kibana® are registered trademarks of Elastic NV This site is not affiliated, sponsored, or otherwise associated with any of the entities mentioned above and does not represent any of these entities in any way. All rights to the brands and product names mentioned are the property of their respective copyright holders. Any other trademarks mentioned belong to their registrants. MANAGED SERVER® is a registered trademark at European level by MANAGED SERVER SRL Via Enzo Ferrari, 9 62012 Civitanova Marche (MC) Italy.

Back to top