Penta was awarded ISO/IEC 27001:2022 certification in May 2023, the first company in Dubai and Geneva to achieve this. But what does it really mean? And why does it matter to Penta’s clients?
According to Penta COO, Hossein Fezzazi, this certification should give their clients an enhanced sense of security and peace of mind.
“Our clients will be delighted with this news because it means that Penta’s hard work in gaining this accreditation can be used to beef up their own IT security.”
This short explainer gives some background on this new certification and looks in more detail into how companies can benefit from it.
What is ISO?
ISO stands for the International Organization for Standardization. It is an independent, non-governmental international body headquartered in Geneva. ISO creates and certifies globally recognized standards that help organizations in different sectors achieve best practices and meet regulatory requirements.
Organizations often choose to adopt these standards and to demonstrate to their customers and employees a commitment to achieving and maintaining certain industry standards.
What is ISO 27001?
ISO 27001 is an internationally recognized standard for managing and protecting sensitive information. It involves the creation of an Information Security Management System (ISMS) to ensure data confidentiality, integrity, availability, and protection from cyber attacks.
How is ISO 27001:2022 different from ISO 27001:2013?
The criteria for achieving ISO-certified status in all industry areas change periodically to keep up with technological and market changes affecting the landscape in which certified companies must operate. In the specific case of ISO 27001, there have been several small but significant changes and updates in the 2022 revision. The changes have been made in response to an ever-evolving threat from cyber criminals using increasingly sophisticated modes of attack. These changes include:
- Incorporating the Annex SL (a framework that provides a common high-level structure for management systems) for better integration with other ISO management system standards.
- A more holistic risk management approach.
- Emphasizing the role of the organization’s leadership in information security management.
- Explicit requirements for addressing emerging technologies, cloud computing, and supply chain security.
- Specific guidance on cybersecurity incident response.
- Updates to international best practices in information security management.
Full details of ISO/IEC 27001:2022 can be found here on the ISO website.
Companies certified in the 2022 version of ISO 27001 are now even better placed to tackle information security issues and consequently, are better able to protect their clients.
Why work with a company that has ISO 27001:2022 certification?
According to Fezzazi: “An organization that has achieved ISO certification has demonstrated a commitment to uphold the highest industry standards for information security and is well-placed to pass that commitment, knowledge, and expertise along to its clients and partners.”
“Being the first company to currently have the certification allows Penta’s clients to benefit from certain advantages over and above the peace of mind that the previous version of the certification already gives in the areas of data protection, compliance, and cyber security,” adds Fezzazi.
This additional certification demonstrates that the holder can assess, audit, and implement information security management systems to an internationally recognized standard, and can augment and build on those standards to adapt to a changing landscape.
Additionally, gaining certification like this also assures clients that there is a verified information security management system in place; a security layer present throughout the infrastructure and services offered that clients can take advantage of. This means that clients can benefit from all the added security and safety that ISO 27001:2022 brings by being included in Penta’s verified ISMS, without making the investment required to get certified themselves.
Put simply, working with an ISO 27001:2022 certified company in the DIFC ensures that the products and services that they provide come with stringent security measures, data and privacy protection, regulatory compliance, and a pathway to continuous improvement built in.
To speak to Penta about establishing an Information Security Management System in your company, contact us.