HansemEUG Acquires the ISO 27001: Information Security Management System Certificate


Last month, HansemEUG acquired the ISO 27001: Information Security Management System certificate, its third international standard certificate, following ISO 9001 and ISO 17100. Korea Productivity Center Quality Assurance (CEO: In-soo Park) awarded the certificate to HansemEUG (CEO: Yang-sook Kim) on September 27, 2019.

Scripted by
Hergé
LS Div.

What is ISO 27001?

ISO 27001 is an international standard developed to ensure the confidentiality, integrity, and availability of information related to corporate business. ISO 9001 audits the overall processes for quality management of the business, whereas ISO 27001 audits whether the business satisfies the 114 control items in 14 domains related to customer and corporate data security.

The certifying authority has certified that HansemEUG can manage, process, and continue improving and operating under its security policy, which is capable of effectively responding to information leakage, hacking, and other security threats.

Why We Got It

HansemEUG had already developed quality management policies that meet rigorous international standards, as demonstrated by its ISO 9001 certification in user manual development services and its ISO 17100 certification in translation services. For more than three decades, HansemEUG has carried out its projects while keeping its clients' data thoroughly secure at all times. Secured data and devices are always handled only in access-restricted areas, and only the people who need the information have the right to access it, in order to minimize the risk posed to the client and satisfy the client's own security requirements.

Is it still necessary to get ISO 27001? Opinions on this were divided even inside the company. There were some opinions against adopting ISO 27001, with some people saying that it is actually unnecessary and would just be good for marketing.

However, taking note of the recent global business environment, the President, Yang-sook Kim, understood the need to prove the security protocols of this organization and proactively meet customer requirements.

The CEO displayed strong leadership and led the charge to adopt and meet the high standards of the new security system on all fronts.

ISO 27001:2013 Requirements

ISO 27001 is defined by standardized requirements and control objectives. All organizations that wish to be accredited must meet both the ISO 27001 standard requirements and Annex A requirements.

ISO 27001:2013 control objectives are managed within 14 domains and 114 controls. The Annex A domains are as follows.

ISO 27001:2013 Annex A control objectives and controls

  • A.5 Security Policy
  • A.6 Organization of Information Security
  • A.7 Human resources security
  • A.8 Asset Management
  • A.9 Access Control
  • A.10 Encryption
  • A.11 Physical and Environmental security
  • A.12 Operations security
  • A.13 Communications security
  • A.14 Information systems acquisition, development and maintenance
  • A.15 Supplier relationships
  • A.16 Information Security incident management
  • A.17 Business Continuity Management
  • A.18 Compliance

Security Internalization through the Internal Auditors

To establish a security policy for the organization, it was necessary to further develop our employees. So, we appointed two internal auditors for each team.

The internal auditors expanded the collective sense of security on each team, identifying the potential security risks each team or particular client faces and planning targeted activities to minimize and remove those risks. The risks are identified through an objective evaluation of the actual state of affairs, so that we understand both our strengths and the points that need improvement.

The internal auditors became the key players in monitoring our manageable risks and encouraging secure practices in each team.

Through our first certification audit, we were able to establish a better security system than we had before. In 2020, HansemEUG is looking forward to progressively improving so as to provide our clients with the highest level of security.

About Hansem Global

Hansem Global is an ISO-certified and globally recognized language service provider. Since 1990, Hansem Global has been a leading language service company in Asia, helping the world’s top companies to excel in the global marketplace. Thanks to its local production centers in Asia along with a solid global language network, Hansem Global offers a full list of the world's major languages. Contact us for your language needs!