Information security is vital to Altenar and the company is delighted to have had our ISO 27001 certificate renewed after a recent audit.
We spoke to Denise Vella, Director of Information Security at Altenar, to learn what was involved in the process and its importance for the company and our operating partners.
What does it mean for Altenar to have received our renewed certificate?
Altenar was initially awarded the ISO 27001 certification in April 2022. We have now successfully completed the second and final surveillance audit ahead of our recertification with the new version of ISO 27001:2022.
This reaffirms our commitment to maintaining a robust Information Security Management System in accordance with the management standard and the company's ongoing efforts to maintain a good information security posture and continuous improvement. It also shows Altenar’s commitment to protecting sensitive information and managing security risks effectively.
For Altenar, being ISO certified provides us an added benefit to demonstrate compliance with regulatory requirements related to information security and facilities certification with the several jurisdictions we operate in.
How often is the certificate renewed?
ISO 27001 certification is valid for a three-year cycle. To renew the certificate, the company must undergo annual audits to ensure continued compliance.
How rigorous is the audit?
The ISO 27001 audit is typically quite rigorous, as it involves a thorough examination of the policies, procedures, controls, risk management process and records. The auditors delve deep into the policies and procedures to ensure compliance with all requirements of the standard that are applicable.
Further to this, key personnel within the organisation are interviewed to assess their knowledge and understanding of the information security practices. The audit assesses the organisation's risk management processes to ensure that risks are adequately identified, evaluated and addressed through appropriate controls.
What are the biggest challenges in passing the audit?
I would say the biggest challenge in passing the audit is fostering a culture of security awareness and compliance among employees at all levels, as well as strong leadership support. Fortunately, Altenar boasts a robust security posture, with employees maintaining a cooperative environment by carrying out the necessary training and complying with the relevant policies.
How important is it that everyone in the company is aware of cyber security?
Humans are the weakest link in the chain of cybersecurity. Phishing and social engineering attacks are always on the rise, in order to manipulate individuals into revealing sensitive information, clicking on malicious links, or downloading malware.
So it is of utmost importance that everyone understands cybersecurity risks, company policies and procedures, as well as their individual responsibilities to maintain compliance. This understanding is vital not only for maintaining certifications but also for safeguarding information and preventing security incidents.
A cybersecurity breach can damage a company's reputation and trust with customers and stakeholders. By ensuring everyone in the company is aware of cybersecurity risks and best practices, the company demonstrates its commitment to protecting sensitive information and maintaining trust.
How important is the certificate in terms of highlighting our security policies to our clients and partners?
Achieving certification demonstrates Altenar's continuous commitment to implementing and maintaining robust security policies and procedures. It provides external validation of our security practices and risk management, and enhances credibility with clients and partners.
It reassures clients and partners that their data and sensitive information will be handled with care and protected in accordance with internationally-recognized standards which also provides competitive advantage in the market.
You can verify the validity of our ISO certificate by entering our certificate number 239970 via this link: www.british-assessment.co.uk/verify.
