Basetis is certified with ISO 27001:2013 by adapting its information management system to the security standards dictated by this standard. Our Information Security Management System is therefore based on the recommendations of said standard.
Information Security Management System (ISMS)
Basetis is aware of the importance of correctly treating the information and data of our clients and employees, and of the risks that misuse entails. That is why we have complemented our Information Security Management System (ISMS) with the ISO27001: 2013 standard certificate. Having the support of this certification allows us to offer our services ensuring the highest possible quality and guaranteeing added care in terms of compliance with Information Security and current Legislation on the matter.
Following the standards dictated by the norm, we have achieved that our Information Security Management System (ISMS) meets the main objective of the application of this norm, which is:
- Guarantee confidentiality.
- Information integrity and availability.
- As well as the systems involved in its treatment.
ISO 27001: 2013 in Basetis
Development of the ISMS in Basetis
In order to obtain the ISO 27001: 2013 certificate, we have prepared a series of documentation that consists of a General Information Security Policy from which the Information Security Management Policies are broken down, as a security manual, procedures, registers, technical instructions and tools to be able to develop and follow-up to the System.
To achieve the implementation of an ISMS in accordance with the standard, the following points have been worked on:
- An Audit Plan has been carried out,
- The scope of our Information Security Management System has been established, which is important when making a correct risk analysis,
- Measurable safety objectives have been established,
- An Information Security Committee has been created, in charge of ensuring the correct functioning of the System,
- Work teams have been trained and formed,
- A risk analysis has been done taking into account all the information assets, threats and vulnerabilities within the organization,
- A methodology has been defined for the correct management of risks,
- The application of each of the controls defined by the standard for information security management has been analyzed, which is evidenced in a statement of applicability.
An ISMS focused on risk
Our ISMS is part of the ISO 27001: 2013 standard, for which a risk-focused system has been developed that allows us to address and detect possible threats and vulnerabilities, thus guaranteeing the correct safeguarding of the information that we handle as an organization.
During the certification process, the certification company Bureau Veritas Ibèria S.L. highlighted the following strengths of our System:
- Commitment and training of the entire organization,
- Control of legal compliance,
- Risk analysis methodology suitable for the organization,
- Determination of measurable objectives with their respective monitoring mechanisms, correctly documented and regularly reviewed,
- ISMS reviews are carried out with the correct periodicity.