ISO 27001 / 27017 – Certification

Phenome Networks is dedicated to safeguarding our customers’ data. To emphasize this commitment, we are delighted to announce that we have been awarded certification under ISO 27001 and ISO 27017 by the International Organization for Standardization.

ISO/IEC 27001 is the global standard for information security management systems (ISMS).

ISO/IEC 27017 extends ISO/IEC 27001 with controls specific to cloud services.

Benefits of these certifications

  • Enhanced Security: Protects information systematically;
  • Risk Management: Reduces information security risks;
  • Regulatory Compliance: Meets legal and regulatory requirements;
  • Customer Trust: Boosts our clients’ confidence in our security practices;
  • Business Continuity: Increases resilience to cyber threats;
  • Operational Efficiency: Streamlines processes;
  • Competitive Advantage: Differentiates our organization;
  • Employee Awareness: Improves security awareness;
  • Cost Savings: Reduces the costs arising from security breaches;
  • Improved Management/Governance: Supports continuous security improvement;
  • Cloud Compliance: Meets cloud security regulations.

As part of the certification process, Phenome Networks has taken the following vital steps:

  1. Gap Analysis
    We conducted a gap analysis to assess our existing information security practices against the ISO 27001 requirements, identifying areas that needed improvement and new processes that needed to be implemented.
  2. Management Support
    We obtained buy-in from top management, as their support is crucial for providing the necessary resources and fostering a culture of security within the organization.
  3. Forming an Implementation Team
    We assembled a team with representatives from different departments to oversee the implementation of the ISMS (information security management system). This team is responsible for developing policies, procedures, and controls.
  4. Risk Assessment
    We performed an assessment to identify and evaluate information security risks. Based on this assessment, we developed a risk treatment plan to mitigate the identified risks.
  5. Developing Documentation
    We created the required documentation, including an information security policy, the risk assessment and treatment plan, procedures, and records. This documentation meets the ISO 27001 requirements.
  6. Implementing Controls
    We implemented the controls and measures needed to mitigate the identified risks and ensure information security. These include both technical controls (e.g., firewalls, encryption) and organizational controls (e.g., training, access management).
  7. Internal Audit
    We conducted an internal audit to confirm that the ISMS is functioning as intended and complies with ISO 27001. Any non-conformities found here had to be addressed before the external audit.
  8. Management Review
    We held a management review meeting to evaluate the performance of the ISMS, review the audit findings, and ensure continuous improvement.
  9. External Audit
    We engaged an accredited certification body to conduct an external audit. This involved a two-stage process:
    • Stage 1 (Document Review)
      The auditors reviewed our ISMS documentation to ensure it meets the standard’s requirements.
    • Stage 2 (On-site Audit)
      The auditors visited our organization to verify that the documented processes are being effectively implemented.
  10. Addressing Non-Conformities
    We reviewed the non-conformities identified during the external audit, addressed them, and provided evidence of the corrective actions taken.
  11. Certification
    Once the auditors were satisfied that our ISMS meets the ISO 27001 requirements, we were awarded the certification.

We are committed to doing whatever it takes to secure your data!