ISO/IEC 27001:2018 is based on the following principles which define the information security: confidentiality, integrity and availability of information. The standard ensures a long-term security solution, for it is based on the implementation of security policies, procedures and methods aimed at protecting the organization information and assets. By reducing at a maximum level the residual business risks is guaranteed that the management system is functional and meet the standards of the company and of the customers and observe the legislation in force.
Advantages of the information security management system certification
- credibility, integrity and confidence for clients, employees, partners and owners that the company information and information systems are protected
- providing the evidence to the authorities that the laws and regulations in force are observed
- ensuring a business continuity plan and a plan for the recovery from disaster, tailored to the organization needs
- increasing the productivity by reducing the operational risks and a better availability in running the information systems
- differentiating from other competitors within the tendering activities in the public sector or when concluding commercial contracts, that involve the access to confidential information or even state secrets.
SRAC is accredited for the occupational health and safety management systems certification by:
- RENAR - The national accreditation body (Certificate SM 004) in compliance with ISO / CEI 27001:2013 reference standard.
SRAC certifications are recognized at national and international level through SRAC partnership in IQNet (The International Certification Network).
To that extent, the organizations certified by SRAC receive, together with SRAC Certificate also the IQNet Certificate, without any additional costs.
Upon the certification process successfully completed, SRAC certified organizations:
- have the right to use SRAC and IQNet conformity marks for advertising purposes;
- are regularly informed on the evolutions in the quality and certification areas, by accessing SRAC Website, events organized by SRAC.
Every successful organization is aware that:
- the information and processing support, the systems and computer networks are some of the most important assets for the organization. Nowadays, these are more and more threatened by a multitude of factors, including computer assisted frauds, computer viruses, hacking, DoS, espionage, sabotage, vandalism, fire or flood;
- the requirements and expectations of the clients are now also directed towards the security of the information processed by suppliers and the major businesses will take this into consideration.
For every organization willing to join different partnerships, to maintain and extend its businesses it is necessary the implementation and certification of an information security management system – as part of the overall management system, based on the approach of security risk assessment aimed at establishing, implementing, managing, monitoring, maintaining and improving the information security. By the means of certification is ensured the application of the best practices for the planning, installation, configuration, use and maintenance of the information systems.