Security
Achievo's ISO27001 certification
Join Achievo SVP and CIO Bud Mathaisel and Director of IT David Kuang as they discuss Achievo's ISO27001 certification, and why Achievo's innovative approach led InfoWorld to name Mathaisel one of the top 25 CTOs of 2008.
Achievo's innovative approach to information security, combined with our ISO/IEC 27001 information security management system (ISMS) certification, exemplifies our commitment to ensuring the highest possible level of security for our customers' intellectual property (IP). In fact, Achievo's security innovations led to Achievo CIO Bud Mathaisel being named to InfoWorld's 2008 list of top 25 CTOs.
Those innovations are exemplified by our "separation of duties" approach, in which separate teams develop and review code, and manage testing and production. We have also built in physical security measures: our developers work in a glass-walled room accessible only with electronic key cards, on workstations that are not networked to each other or to the rest of our systems and that have no access to the Internet, e-mail, or other external conduits. We've even gone so far as to disable the workstations' USB ports and disc-burning capabilities.
Ongoing training for our team members reinforces security best practices, while helping Achievo maintain the highest level of security awareness within our corporate culture.
Achievo Has Attained ISO/IEC 27001:2005 Certification for all of its Asia Software Development Centers
Achievo pioneers information security standards for offshore IT management
ISO/IEC 27001:2005 certification, the internationally recognized standard for information security management, is designed to ensure the selection of adequate and proportionate security controls that protect information assets and establish a high level of confidence to interested parties.
- "Many believe ISO 27001:2005 to be largely about the physical aspects of security," said Bernard "Bud" Mathaisel, Achievo's senior vice president and chief information officer. "The reality is ISO 27001:2005 certification touches on nearly every management process in running information security, including IT and areas such as disaster recovery. It's not just about locking things down. ISO 27001:2005 certification establishes a holistic mindset that permeates every aspect of information security management. At its most basic level, going through the certification process helps create a culture that respects the intellectual property of others and will not tolerate breaches. This is a major point of assurance for anyone contemplating sending all or part of their IT process offshore."
The International Organization for Standardization (ISO, www.iso.org) is a network of the national standards institutes of 157 countries, on the basis of one member per country, with a Central Secretariat in Geneva, Switzerland. ISO/IEC 27001:2005 security certification is awarded to companies that meet stringent Information Security Management System (ISMS) standards. Companies are audited and certified to the standard by certification bodies; ISO itself does not carry out certification. Companies must comply with more than 100 separate requirements for organizational security, incident management, risk management and compliance. Certified companies are able to offer their customers a higher level of security assurance and a higher quality of process and deliverables.

