OneNeck® IT Solutions earns ISO 27001 certification
May 08, 2014
OneNeck® IT Solutions announced today it has earned ISO 27001 certification for its Information Security Management System (ISMS) supporting the colocation services at its data center in Eden Prairie, Minn. ISO 27001 is an international standard that specifies the requirements an organization's ISMS must meet. The certification audit reviews both the ISMS itself and the information security controls needed to protect the confidentiality, integrity and availability of the organization's sensitive information assets.
“We pursued this certification,” said Clint Harder, CTO and senior vice president of Product Strategy at OneNeck. “We wanted to measure ourselves against the most widely accepted security management framework. We also wanted an objective third-party assessment on the systematic way we manage sensitive company and customer information. Earning ISO certification confirms OneNeck is following internationally accepted best practices. It also demonstrates to our customers that we’ve built an ‘audit-ready’ Information Security Management System they can trust.”
OneNeck’s ISO 27001 ISMS was certified by BrightLine, a leading provider of attestation and compliance services. BrightLine is a CPA firm, an ISO Certification Body, a PCI Qualified Security Assessor, and a FedRAMP 3PAO.
The certification affirms that OneNeck follows the information security management practices required by the standard, within a scope limited to the colocation services at its Eden Prairie data center.
“Good security is a matter of doing the right things right,” says Kenneth Hartman, Security Architect at OneNeck. “We make sure risk assessments are happening. We review any security incidents and regularly audit our security controls. In essence, we built an Information Security Management System and, through ISO 27001 certification, we are ensuring it is audit-ready.”
The ISO 27001 process is built around a Plan-Do-Check-Act cycle for continuous improvement of the ISMS.
“Plan” covers the review of policies and procedures: what is done to secure the environment, how it is done, and how that satisfies the requirements of the ISO 27001 standard.
“Do” covers the implementation of those policies and procedures.
“Check” covers internal audits, measurement of process performance, and review of the effectiveness of the ISMS.
“Act” covers refinements and corrective actions made in response to the findings of the check phase.
“This is not a one-and-done process,” said Harder. “It’s a continuous cycle that’s repeated on an ongoing basis to ensure the ISMS remains effective and continues to improve and mature.”
OneNeck also regularly undergoes other third-party audits, including an SSAE 16 Type 2 (SOC 1) examination; some of the control activities OneNeck management defines for that examination align with ISO 27001 controls.
“These assessments/examinations are very attractive to customers with heavy compliance requirements,” says Harder. “In fact, we tend to spend a lot of time on the front-end working through security questionnaires and assessments—most of which are based on ISO 27001. This certification will help streamline the due diligence process many of our customers must go through on an annual basis.”